In the year leading up to the 25th May 2018, the General Data Protection Regulation (GDPR), to consumers, was best known as a continuous series of arduous rapid-fire, opt-in/opt-out privacy notices from organisations. For businesses, it was the cause of tension, confusion a rush to ensuring compliance for fear of a maximum fine of 4 per cent of global annual turnover, amounting to €20 million.