In Q1 of 2018, the specter of GDPR was scary.
No one really knew what to expect. How many inquiries will my organization receive? The regulations were/are pretty ambiguous — how would they enforced? Is it just an EU concern?
At almost a year in, we have some answers to these questions. You’ll get requests from users in the EU, but outside it as well. Besides Google, there haven’t been a lot of high profile cases of enforcement and fines. Overall, the bar has been raised for all, and that’s great. Data Privacy matters, and that bar will continue to be raised.
Even CNIL's Moulin, said that last year "should be considered a transition year" for GDPR, as national regulators had to focus on finalising their rules and approaches, and spent most of their time tying up probes under the previous regime.