About 150 countries have data protection laws, and many contain restrictions on data exports. Less well understood is that many of these laws also have a very ‘long-arm’ jurisdictional reach. The GDPR, for example, can apply to processing anywhere on the planet. Dozens of countries also have laws requiring certain categories of data to be stored (‘resident’) in that country. Others have forced ‘localisation’ requirements, and in some cases it can be illegal to hold copies of data outside the jurisdiction. This session will explore how these rules work. We will also look at practical steps that can be taken to manage overall compliance, including how to deal with potential conflicts between data sovereignty, residency, localisation, and transfer rules.