So here we are. At that juncture which we have all be expecting, where warning and preparation meet reality. The GDPR has delivered intention of its first astronomical penalty value, with British Airways in its cross-hairs, to the tune of £183 million.

After last years high-profile data breach, it was expected that British Airways would be made an example of; and what an example it is.

For some, it might have felt like the GDPR was a little bit of an anti-climax. Relative hysteria in the build up to May 2018 has not led to the end of marketing departments, mass administration of fined companies or denial of service by DPIA's.

Instead, in the 12 months since its enforcement, all has been a little quiet.

Or has it?

By now I am sure you have seen and read enough IT security "predictions" for 2019. As cynical as it may seem, I often chuckle at the alignment of an author's predictions and the solutions and services that they sell. Coincidence? Or good marketing?

The GDPR (General Data Protection Regulation) is a complex beast, of which there seems to be an endless supply of regurgitated information online, in print and at various events. What is lacking however is practical information on how to handle its requirements operationally.

If you haven’t heard of the GDPR (General Data Protection Regulation), quite frankly I am in envy of you. Never has there been an IT security topic so heavily covered by those who wish to show they are literate and can re-write what they have read. Astronomical fines, forbidden non-consensual communication and mighty data subjects wielding new found rights have all been covered repeatedly and tirelessly.

As far as titles go, this one will likely prove divisive. On one hand, there are a plethora of IT security solution and service providers who are keen and hungry for the opportunity to work with customers on their preparations for the GDPR. On the other, doubt is sowed by those who question the ability of anyone who claims to know anything about the GDPR, simply because there is nobody with experience in application of a regulation which yet to come into force.

Otherwise known as the measuring stick by which your some of your GDPR compliance will be assessed, the six core principles of the GDPR are the basic foundations upon which the regulation was constructed. Unquestionable and pure in nature, they are somewhat rarely acknowledged for one simple reason; five of the six have no real application in helping to peddling products and solutions.

Big network breaches are becoming the norm with little resistance seemingly being placed in the attackers path. Is this the world we must become accustomed to living in? or can technology be part of the solution rather than just the problem?

After months of public debating, the binary answer to what is likely to be the most momentous decision the UK will make in my lifetime was finally within reach. The ultimate question was answered: the UK was to leave the EU, but what is left in its place?