As we come up on the one-year mark of the GDPR, it makes sense to take stock of what seems to be working well—and what may be working less well. The breach notification plank of the regulation has clearly had a significant impact, while the fining authority has been less obviously valuable in the GDPR’s first year of implementation. The EU may yet adjust to correct some of these problems: For instance, Eckersley said at the panel that several EU countries are working to define a matrix for calculating fines under the GDPR that may help the various countries’ data protection authorities harmonize their penalties, so that one company is not hit with nearly 90 percent of the total fines for an entire year. But in the meantime, other countries should take note of the GDPR’s successes and failures, and consider seriously how they can adopt some of its more effective elements while avoiding its most problematic features.