It’s been three years since the introduction of Europe’s data privacy and security law on 25 May 2018.
GDPR governs the way organisations that operate within the EU can use, process and store consumers’ personal data.
At first smaller firms and start-ups feared they did not have adequate resources to fully comply with its rules.
Other critics suggested the legislation relied too much on consumers knowing and understanding their rights.
Since its launch, hundreds of millions of euros worth of fines have been handed out by information commissioners around Europe.
To continue reading this BBC News report, go to: