At least in theory, the General Data Privacy Directive (GDPR) was a sea change in data privacy, not only in Europe, but worldwide. Certainly, organizations around the world scrambled to comply with it, fearing very onerous consequences for noncompliance. But the GDPR is very high-level, and often vague, so compliance in many cases has been a guessing game. So, a year later, where are we? Have things cleared up enough so that we now have some clarity? This session will examine the GDPR a year later and look at what we’ve learned and what we haven’t and look at the road forward. This session is a must for any lawyer with a commercial client that transacts any business of any kind in the European Union. Data Privacy is a very critical matter for all of them, and any lawyer advising such a client needs to know the lay of the land.