The Irish Data Protection Commission’s recent €225-million fine against WhatsApp Ireland Ltd. for failure to meet the GDPR’s transparency requirements is a warning to companies to keep on top of privacy compliance. This first article of our two-part series on key takeaways from the case covers, with insight from partners at K&L Gates, Seddons and Orrick, the impetus and focus of the DPC’s investigation, its treatment of what constitutes personal data, how to handle regulator inquiries and the increase in remedial obligations found in E.U. regulators’ decisions. Part two will offer practical steps on building a strong foundation for a compliant global privacy program. See “Irish DPC Helen Dixon on GDPR Enforcement Hurdles One Year In” (May 29, 2019).