Although the General Data Protection Regulation (GDPR) has been in force since May, no fines for noncompliance have been issued as of yet. It appears that businesses will only see fines for serious offenses, but it seems regulators simply have not gotten caught up yet. More than 100 days have passed now since the GDPR took effect, and businesses should take a critical look at the measures they put into place before the GDPR deadline. This can be accomplished by conducting practical testing and asking for honest feedback from team members. The next 100 days could see more enforcement and potentially the first big fines, contractual disputes between controllers and processors, more heated discussion on the ePrivacy Regulation and international data transfers in the headlines in the form of Privacy Shield, Brexit and Schrems.