One of the most “interesting” parts of GDPR is that it delegates enforcement to ~25 member countries.
This leads to the situation where the interpretations can vary greatly from country to country. We might see a very pro business Irish agency saying one thing and the Danish saying another.
Remains to be seen if that will lead to compliance shopping like in some finance regimes or if every enforcement group will get to come after every firm.
