GDPR Enforcement is coming says French data protection authority, CNIL.

“According to the head of France’s data protection authority, the period of relative tolerance following the introduction of the General Data Protection Regulation (GDPR) is now over.”

“Going forward, any company that has yet to comply with the rules should expect tough scrutiny and, failing changes, the threat of financial penalties of up to 4 percent of their global annual turnover,” warned Marie-Laure Denis, who leads France’s Commission Nationale de l’Informatique et des Libertés (CNIL).

“If the CNIL was relatively tolerant over the course of last year, a transition year, we consider that it’s now up to companies to be compliant in terms of data protection,” Denis said.

Denis acknowledged…the slow pace of enforcement.

“You might say that the car is not going fast enough — but it’s moving, with a mechanism that is different from the one it had before, and we’re several parties behind the wheel. So while it’s not abnormal that we’ve yet to see results [from cooperation on GDPR cases], we need to see them.”

Details from Politico Pro.