The GDPR comes into effect on May 25. That's the deadline for the new [Technical difficulty--Editor] coming in place. The House of Commons has got the final stages of the bill to implement the GDPR, for instance, next week.
I think it enhances a lot of the data.... A lot of the existing data protection law is already quite helpful for the inquiries that we're pursuing because there are already quite tough restrictions on holding political data about people and who can do it.
I think one of the big questions posed to our inquiry, and why we supported the Information Commissioner's getting these additional powers to support her investigations, is how do we know that a company like Facebook is compliant with GDPR rules? If someone puts in a request to get their data back or to have their data destroyed, how do we know that the request has been complied with? If someone asks for their data back and they want data that's been acquired by Facebook developers, as well, who polices that? The best way we can do that, I think, is to make sure the authorities have got these “no notice” powers just to go in and take data and inspect data where they believe a breach may have occurred. One of the big questions for us when GDPR comes in is, how can we make sure that it's being enforced correctly and that companies are actually doing what they're being asked to do?