Mr. Daragh O'Brien:

That is where principles-based regulation is not a bad thing, as long as it comes with strong enforcement and clear governance structures. One cascades from principle to policy to procedure to evidence to enforcement. Mr. Kelleher will forgive me for straying into his territory a little here. The lesson we can learn from the banking sector is that in the absence of an evidence-based accountability system - the GDPR is brilliant because it has this John F. Kennedy sentence in it - it is the obligation of the data controller to be responsible for compliance with principles, and to be able to demonstrate compliance. That little John F. Kennedy sentence, like saying that if we land a man on the Moon, we have to bring them back safely to the Earth, sets out a challenge in the second part. That is where clear governance structures are essential in organisations, both public and private sector, for handling personal data.