The truth is, the number of fines is likely to increase in 2019. While there were a total of €56 million in fines handed out to organisations in over 206,326 reported cases, Google's monstrous €50 million fine definitely serves to skew that figure. In reality, we haven't yet seen the maximum '4% of annual turnover' fine, which would obviously represent well over €50m for some of the massive global firms. However, some experts are indicating that the larger fines and other punishments are on their way, so the last thing firms should do is become complacent.
Franco adds that larger organisations are especially at risk, noting, "In the run-up to the GDPR first year anniversary we are seeing increasing media attention on the big data privacy violation.
"We saw Google fined a record 50 million euros under GDPR by the CNIL and in Ireland, 16 companies are under investigation, including Facebook, LinkedIn, Twitter to name a few. Facebook having already been fined £500,000 by the UK data regulator, the ICO, for the Cambridge Analytica debacle, now faces a possible multibillion-dollar FTC fine in the US for data privacy violations.
"With so many users of these platforms, complaints are likely to stack up with regulators, who may then feel compelled to act."
Paving the way forward
Looking back on the way organisations have responded to GDPR, it's certainly not all doom and gloom. Veritas senior director of Northern Europe Jasmit Sagoo says one positive thing to come out of GDPR is the manner in which it has improved transparency.
"High-profile data breaches have made consumers increasingly cautious about what data they share, where it's being stored and whom it is accessed by," Sagoo says.
"Our research has found that poor data protection can have a dire commercial impact on companies - 56% of consumers would dump a business that fails to protect their data, and 47% would abandon their loyalty and turn to a competitor. In the last year, when organisations have had a breach, they have taken the correct measures to reach out to their customers."
Franco mirrors this sentiment, arguing that - rather than seeing GDPR as a frustrating business cost or handicap - organisations should use it as a competitive advantage by employing an open approach to customer transparency. This is especially important as GDPR is likely to affect all competitors of affected organisations, and with consumers hyper-aware of their rights, it would make sense to have the best possible approach.
"In order to build and grow customer relationships, organisations will have to honour the contract they are making with customers. As with any contract, this is more than a legal requirement, it's about building a trusting relationship. This is a vital distinction," Franco says.
"Trust is a pivotal aspect for businesses today and in the future. If you do not have a contract that your customers like or trust, customers will begin to withhold their data. This is why we are seeing the likes of Google and Facebook announcing concessions to privacy now."
Franco adds that many organisations have used GDPR as a means to improve their own internal methodologies for collecting and processing data, with positive knock-on effects to the quality of their services. He also asserts that organisations are starting to get the right idea of how to manage their DPOs to tackle data management.
"Firms are working in the right direction, they are employing DPOs and working on aligning their data to ensure that the customer's rights are respected." Franco continues
"Here, data management - knowing exactly where your data comes from and where it goes - is critical. Businesses also need to protect data and anonymise it across all information systems by applying techniques such as data masking."



