An interesting article by Georgina Graham of Osborne Clarke looking at the first year of life under GDPR and what to expect in the next twelve months.  

It goes without saying that GDPR has led to many more reports of data breaches in the UK - as pre-GDPR reporting was only mandatory in certain industries, however, as noted in the article, overt enforcement, save for one or two very notable exceptions, has been lacking.  The key word here is overt and I am sure much is going on behind the scenes which will reveal itself over the next 12-18 months as actions unwind and become public.

Beyond the direct and overt regulatory action, as well as that to come, there are also two other notable trends that have impacted or will impact business identified in the article: class-action style litigation and data subject requests - both of which can impact businesses in different ways.  

Businesses need to continue to take GDPR seriously, monitor how it develops and stay on the front foot.  As noted in the article, now is a good time to carry out a compliance audit as well as continue to focus on five key areas: policies and procedures; third party relationships; privacy impact assessments; training; and breach response.