According to a report by the European Commission, two years after it went into effect the EU’s General Data Protection Regulation (GDPR) is an overall success in providing more privacy for citizens and a better understanding of their rights concerning their personal data. But implementation across member states isn’t consistent, which impacts cross-border business, particularly when it comes to new technological developments and cybersecurity products. This is mostly because member states bear responsibility for managing the data protection and their efforts vary. The countries with the best record include Iceland, the Netherlands, Finland, Ireland and Luxembourg. Other countries lag behind, and the situation is “not yet satisfactory overall,” said the report. Large organizations have generally adapted to GDPR, but understanding the regulation and becoming compliant is still challenging for small and medium sized enterprises. Despite such issues, the Commission calls GDPR a success. “The GDPR has successfully met its objectives and has become a reference point across the world for countries that want to grant to their citizens a high level of protection. We can do better though, as today’s report shows,” said Didier Reynders, European Commissioner for Justice.