E.U. data protection authorities have levied more than 230 fines under the GDPR since its May 2018 implementation, according to a recent presentation from data privacy and cybersecurity firm Spirion, LLC. The COVID-19 pandemic has thrown a wrench into enforcement in many areas, leaving companies to wonder what lies ahead. To address some of the uncertainty, the U.K. Information Commissioner’s Office has issued guidance that explains how the agency has adapted its approach to enforcement. We distill the takeaways from the Spirion program, which examined several recent GDPR enforcement actions and the lessons they hold, and discuss the new ICO guidance. See “ICO Enforcement Takeaways After Marriott and British Airways” (Oct. 23, 2019).