GDPR is now in effect, but companies across every industry have been under pressure to become compliant since the law was introduced in 2016. Some responded by changing their IT processes, others placed the burden on their legal team, but others only began to adapt in earnest once the 25th May deadline was just around the corner.

Data protection must be treated with the right level of gravitas. It might be tempting to think you can steer clear of regulatory issues as long as you are not doing anything untoward with people's personal data, but this is short-term thinking. GDPR may only mark the beginning of a global regulatory push to improve data protection, and regulation will only become more demanding.