Just over a year ago, on May 25, the General Data Protection Regulation (commonly known as the GDPR) was adopted by the European Union (EU) Member States. This regulation marked not only an important development for the field of data protection and its harmonisation across the Union, but also highlighted the debate between security and privacy in this new digital age. A year after its entry into force, academics, policy-makers and company owners reflect upon the changes undertook to comply with the regulation and its impacts. Although positive developments can be observed as going in the right direction, there is still much work left to do. This article reflects upon the first year of the GDPR and assesses the positive and more difficult developments it engaged as well as its current position not only in the EU, but equally across the globe.