This conference addressed the far reaching GDPR requirements including the added value of fair and lawful processing. We covered the GDPR’s impact both in the EU and the wider world but also its impact on company operations. There was a session on the European novel right of collective action which has already stimulated France’s CNIL into action to impose a 50 million Euros fine on Google. Other companies are also in the frame. Compensation for damages from the exercise of privacy rights is now firmly on the agenda.

May 2018's drama of the GDPR fully applying and the adoption of the EU Member States’ data protection laws may have diminished on the surface. But data controllers and data processors will always need to pay attention, as laws have been strengthened, organisations have stricter duties and individuals have stronger rights.