That's a very good question. The regulation itself defines some general parameters, and the regulators have been developing opinions and guidance to operationalize the principles and the concepts around that. Also, there is the concept of codes of practice, which I think can be very helpful in terms of allowing the definition of standards and guidance that can be enforced as well. Of relevance to our current discussion, these would be two things to mention.
The GDPR has many other things that I think are beneficial, but we'd be here for a long time if we had to go through all of them.