But it doesn't have to be this way.
On the business side, companies are rushing to renegotiate contracts with suppliers and service providers because GDPR increases their liability if something goes wrong.
Filing its complaint against Google Android in France, against Facebook in Austria and against the social network's two subsidiaries, Instagram and WhatsApp, in Belgium and Hamburg respectively, noyb.eu hopes to enable "European coordination" between countries' data protection authorities over the complaints.
The new rules have appeared to focus on Silicon Valley tech giants like Facebook and Google, but they affect all businesses that offer free content online but make money by collecting and sharing user data to sell targeted advertising. "Alert Logic can help these organisations achieve compliance quickly and reduce the risk of stringent fines from GDPR non-compliance-without having to hire more people-through an integrated solution that includes robust security compliance controls and expert services". "We'll have to see how they're going to be able to, on the one hand, please those privacy consumer organizations by looking into the matter, and [also] respecting the promise of being pragmatic".
One key provision of GDPR, the right to data portability, is causing particular confusion.
Not much will change for CBS with the introduction of the new European privacy legislation, according to Booleman: 'We have had to revise some phrasing on the CBS website.
GDPR requires special measures to be put into place when handling the data of a child.
It's unlikely that Google and Facebook will be fined anywhere near that much given who they are and the European Union regulator's stated intentions of working with organisations rather than penalising them to start with.
For example, WhatsApp, which is part of the Facebook Group, in its latest updated version, added a new "request account info" item in its setting part of the app. Users can press a request button to let WhatsApp create a report of users' WhatsApp account information and settings.
What this demonstrates is that it's possible to have a global privacy standard. And the public finally understands our work and the importance of privacy in our digital economy.
Unfortunately, the likelihood of any real penalties being applied has resulted in lackadaisical compliance, despite the Privacy Commissioners' best efforts over the years, Shera said. As such, there is a need for all actors in the gambling industry to comply with the regulations so as to avoid incurring unnecessary huge penalties. These aren't the actions of a company trying to leverage its way into a fast buck.
"Forget about all the fines and punishment stuff - that's just the headline stuff that vendors want you to pay attention to, to scare you into buying their products and services", Honan says.
Some cloud HR and People systems in the market today, including the Sage Business Cloud People system, enable you to export data in the necessary formats and to anonymise or delete data when required. Just be careful that you don't violate the GDPR in the process.