As organizations enter 2018 and realize the size of the task to become GDPR compliant by 25th May, there will be a lot of panic. This legislation seems poorly understood which has led to many organizations tabling it for ‘later’ and, for many, they will wait until the first prosecution is underway before they react. The EU gave over 2 years, after GDPR passed into law (27th April 2016), for organizations to become GDPR compliant, so there is likely to be little tolerance for non-compliant organizations which are breached after 25th May and, more than likely, some example setting. Those who completed their GDPR compliance ahead of the deadline will be right to feel smug as they watch their competitors flail.