Now that GDPR is in effect, it’s anyone’s guess where enforcement will fall first, but experts think it’s a safe bet that compliance authorities will start by focusing on areas where they can have the most impressive or consequential impact, either by fining a company for its use of individuals’ private data or by demanding that the company stop all data processing activity. Some experts speculate that enforcement will start by making an example of a big multinational firm, then move on to local but particularly noteworthy organizations such as those that handle children’s data or pose a risk to public health or security.
Companies that are making a good-faith effort to comply probably don’t need to worry — yet. You still have time to contact us for help updating your security program to comply with GDPR regulations. Just don’t wait too long.