The noble Lord is right. If a data controller causes an offence in two different jurisdictions, two different jurisdictions could decide where they want to hold the controller to account. In the same way, if a person or a company committed a crime in two different countries that are not outside the EU, those countries would be able to take action against them for the law that pertains in their own countries.
The noble Lord, Lord Foster, also asked about the public warning system under the EECC. That is not part of this SI or the BEREC regulation and is therefore not part of the intra-EU core system. Post exit in a no-deal situation, the Government would be minded to implement the EECC where it fits in with UK policy objectives, but there will be no requirement to do that. I will take back his suggestion about the public warning system, but I can make no commitments on it at the moment.
On timing, the GDPR and the Data Protection Act came into force on 25 May 2018. The focus of the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019, which were debated in this House in February, was on the retained GDPR and the Data Protection Act. I think that was my last point, which I have already answered, so I beg the noble Lord’s pardon. I will check the record to make sure that I have answered his detailed questions, and if I have not I will write to him.