It is the question that many of the data protection circles are concerned about: What happens in 26 May? For those who do not understand the date, it should be remembered that the General Data Protection Regulation (from the General Data Protection Regulation or shortly GDPR) is due to enter into force on 25 May.
So many are wondering what will happen after the new regulation is implemented. Of course, the EU and the Member States are reportedly taking the data protection very seriously, but so far, we have not seen any striking changes in the measures to be taken for the new regulation. 
Some would argue that this is because many countries they have neglected to give data protection laws to law enforcement and thus will essentially have no control mechanism readily available.
But GDPR is coming and bringing new rights for users, new obligations to notify data breaches and many other business issues that Companies they will probably find it difficult to deal with.
The data protection authorities (DPA) expect everyone to apply with speed the law, but no one has said what will happen from day one... Will they start handing out fines immediately? Will there be a lot of fines? Will fines be the DPA's key tool for GDPR enforcement and enforcement?
Below we will see what you can do from 26 in May if you are not yet ready to fully adopt the new regulation:
First of all, do something to make the effort appear. Even if you are not ready for full adoption of the GDPR, it will not be a problem. Will there be a period of grace? We hope that some authorities will explicitly state that they will not exist. Of course, the necessary curve for learning the new regulation should be taken seriously, but this lies at the discretion of each Authority. However, it is important to start today, not tomorrow.
If an authority invites you and you can prove that you have started the path, it will go a long way.
Secondly, immediately update the Privacy Terms of Service and tell your customers what you do with their data. Also make sure to let them know about their rights as described in GDPR.
Transparency will be a key priority of implementation, it will be the key. Rights can not be exercised if there is no transparency.
If you're collecting data and doing something with it that your customers don't know about, you better stop, not tomorrow, today, or at least from May 25th. You are legally required to have a data protection officer. Make sure you set a name and publish them data of his communication.
Third, make sure you ask for help. Some of these problems they are really hard to solve. If you have a problem, don't pretend it doesn't exist. Don't hope no one notices. Contact your local DPA and ask what you don't understand. It's better that you bother him than that they bother you.
Although not all EU data protection authorities are equally cooperative, the GDPR should be implemented. The given grace period mentioned above may not exist in some countries:
"There are no grace periods," said the Austrian DPA and Andrea Jelinek, "because grace periods were already the previous two years. You had two years to take the necessary steps. "
Surely there will be fines and they will be important. Strict fines will of course be imposed on companies that intentionally insist on violating the law.
There will be warnings, and investigations will be conducted before the fines. However, companies that show a willingness to comply and cooperate will be better treated by the authorities. Initially at least…
____________________
