We recently crossed the one-year anniversary of the General Data Protection Regulation, better known as GDPR, going into effect. While the legislation originated in Europe, its implications have been felt by companies across the globe.
Below we look at the state of data privacy since the arrival of this groundbreaking legislation aimed at protecting citizens, as well as what’s on the horizon. As for assessments, we’ll leave that to the pundits. However, one thing is certain: There’s more to come!
A quick look at the numbers related to GDPR after one year reveals that both companies and the countries impacted are still learning how to operate in a world where data privacy is paramount. This is highlighted not just by ongoing compliance challenges and lax enforcement by officials, but also by new opportunities for companies to be more trustworthy and transparent, especially with customers.
GDPR has fundamentally changed the way companies collect, store, or process information on private citizens—and that’s a good thing. For many businesses, in Europe and beyond, the preparation leading up to GDPR and ongoing compliance has fundamentally changed the way they manage data for the better. For those that get it right, this new approach has resulted in cost savings, improved data strategies, better marketing, and stronger customer relationships.
However, according to a recent Reuters article, many companies are still nowhere near compliant. Here’s a look at the numbers related to non-compliance after 12 months:
- 56 million euros in fines imposed, 50 million of which was levied upon Google alone
- More than 200,000 investigations of violations in 31 countries
- 52 percent of opened cases already closed with a total of 90 fines imposed
Compared with the threat of being fined up to 4 percent of total global revenue, these numbers are much lower than what companies could face for non-compliance. But that could be ending soon as countries start coming down harder on companies with stiffer fines and penalties.
According to a recent Politico article, the cost of non-compliance will indeed increase going into year two of GDPR. Also, according to Marie-Laure Denis, head of France’s data protection authority, the Commission Nationale de l’Informatique et des Libertés (CNIL), after a year of “relative tolerance,” the CNIL, along with other data privacy watchdogs in Europe, is expected to punish companies that fail to comply with the regulation.
There’s also the threat of private litigation as consumers exercise their rights to privacy by going after companies that break the rules.
And just when companies have figured it all out, new regulations are getting rolled out in other parts of the world. This includes the recently passed California Consumer Privacy Act and efforts underway for new regulation in Australia, Brazil, South Korea, Japan, and India.
For more information, including the international implications of GDPR in the year ahead, check out this CNET article.