Does GDPR already need to be updated to cope with new technologies? It is plausible that there have been some significant developments since GDPR was initially designed that challenge the boundaries of what is expected from data controllers and processors. However the fundamental principles should be pretty enduring, and therefore my view is that, rather than having an overhaul so early in its life, it would be better for both regulators and businesses subject to GDPR to have a thorough COVID re-think of the practical implications for compliance of (for example) the greater use of videoconferencing, remote working, cryptocurrencies, etc.