The Baker & McKenzie roundtable is the starting point of this article. It builds on the discussion in that crowded conference room, draws on first-hand experience from the sanctions department of the French Data Protection Authority — as well as insider interviews — looks at technology challenges, and provides a personal glimpse into the workings of how one multinational organization, General Electric, prepares for dawn raids and adapts to data privacy risks. It’s a brave new world indeed.