In the run-up to the General Data Protection Regulation (GDPR) coming into force in 2018, the increased level of fines combined with a raft of new and enhanced data protection obligations created a big stir.
Some organisations sprang into action, mapping their data flows, polishing up policies, rolling out training and so on. Others took a much more relaxed approach – after all, they had managed to fly under the radar of regulatory scrutiny before, so why should the GDPR change that?