Content available in English.

One year after its commencing effect, we see a lot of overview articles highlighting what happened with GDPR in its first year. Loads of breaches, plenty of guidance, the first major GDPR fine issues by CNIL, panic, denial and still lots of fear, uncertainty and doubt. But what was the GDPR about in the end? The short answer can be easily found in the full name of the regulation.

As we hit the one-year mark of the implementation of the GDPR, it’s time to take a deeper look into what effects the EU privacy regulations have had on the approach of businesses and the public towards data privacy, how predictions have compared, what the biggest breaches and fines have been, how big tech companies have handled the new regulation, and what we can expect going forward. 


If you are a company that is concerned with the processing of personal data, you must know that having a data protection policy is crucial. In this blog post we discuss the scope and intent of a data protection policy. 

As technology is continually tightening its grip upon our day-to-day lives, a multitude of issues such as data breaches, digital surveillance and the evasion of privacy have come to the fore. Since unplugging from the online world is not a feasible option in today’s era of digital dependence, privacy advocates posit that internet users must take appropriate measures to protect their personal data at an individual level so they can navigate the web safely and continue to use their digital devices with ease. 

Though obviously no-one can predict the future, it is great fun thinking of what will have happened to privacy regulation in five years' time. The EU GDPR has been an agenda-setting legal instrument but its effects are still only in their infancy.

This blogpost series started with tips on how to prepare for a GDPR compliance program. How to execute such a program within your organisation was explained in the second blog post. In this final blogpost, we will take you through the last steps of establishing a GDPR compliance program within your organisation. All of these steps are about communication. 

The European Data Protection Board (the “EDPB”) recently published an overview on GDPR’s implementation since its enforcement last May, and the roles of national supervisory authorities in this regard. We have summarised and examined some of the items we consider key to the success of GDPR, in this blogpost.

National Implementation of the GDPR

As of today, almost all Member States have implemented and enforced the GDPR in their national laws. The only remaining exceptions are Czech Republic, Greece, Slovenia and Portugal. 

In the previous blogpost, we talked about the preparatory phase of creating a GDPR compliance program for your organisation. Now it is time for the next step: the execution of the plan. In this blogpost, we will give you tips about how you can roll out a successful GDPR privacy compliance program within your organisation. 

Often the best way to tackle complicated matters is to make it fun. Because, the show must go on. Therefore, here are 8 essential tips to become and stay compliant with the GDPR if you don’t want to be the next one biting the dust.