Our global reach
Country reports
Seven jurisdictions assessed against the DR2I framework on four dimensions: substantive law, enforcement practice, institutional architecture, regulatory culture.
- Brazil LGPD's structural inheritance from the GDPR; underground data markets; healthcare and fintech costs of restricted secondary use.
- European Union Eight years of GDPR implementation; the Digital Omnibus reform vehicle; targeted amendments to Articles 1, 5, 51, 57, 70, 71.
- Germany Seventeen federal-state DPAs without binding coordination; the 2025 coalition agreement on centralisation; the Research Data Act delay.
- Italy The Garante's AI engagement; the Bolognini and IIP Digital Omnibus proposals; Italy as a laboratory for innovation-sensitive supervision.
- Singapore PDPA and the PDPC's risk-proportionate, advisory-first culture; the legitimate business purpose framework; sectoral data governance.
- Turkey KVKK and rapid digitalisation; Turkey's strategic position between European, Asian, and Middle Eastern data economies.
- United Kingdom Post-Brexit reform and the Data Use and Access Act 2025; the secondary growth duty; the adequacy challenge.