This document discusses GDPR compliance in 2019 after the initial hype in May 2018. It notes that national data protection laws have been implemented to comply with GDPR. Data protection authorities have begun information requests and background checks. The first fines under GDPR have also been issued. It also discusses ongoing data breaches, data processing agreements, and data protection impact assessments that law firms have been assisting with. It addresses common misconceptions around GDPR requirements and provides four questions to help determine compliance. Looking ahead, it notes the upcoming ePrivacy Regulation will further address privacy issues not fully covered by GDPR.