A year after GDPR came into effect, ICO (British regulatory authority on Data privacy) had fined British Airways and Marriott International for £183.39 million and £99 million respectively The penalties imposed on the companies are less than 4% threshold limit (GDPR stipulates penalties up to 4% of global revenues). By imposing the penalties, ICO have signaled that companies need stronger data privacy regulations and mechanism. If proper care is not taken by companies, ICO will not shy away from heftier fines.
Across the North Atlantic, US is also bringing a law in form of NVSB220 and CCPA (also referred by some as GDPR-Lite). The regulation may probably douse the ongoing debate on data privacy. As response to CCPA, companies will need to start adding clauses in privacy policies or managing the data stored or processed.