The GDPR has already applied for almost a year. In this time, there has been significant criticism of its substantive provisions and their practical impact on public bodies and businesses. Yet, this is the same Regulation that, received generally positive responses across the board, these are the same substantive provisions that already appeared in the Directive and the same practical consequences already predicted in the legislative process. This panel considers this apparently contradictory situation and, in particular, considers the following questions:
• Where is all this criticism coming from?
• What form does it take?
• Is it justified?
• Where do we go from here?