GDPR, the EU directive on data protection and privacy, has been in force for a year, but Slovak authorities have been lenient in checking compliance and have not levied any major fines. The Slovak personal data protection authority ÚOOÚ has only levied three €1,000 fines. Companies used to heavy regulation, such as banks, insurers and utilities, coped with the GDPR the best, while it remains a challenge for industrial companies and marketing agencies. Even at the EU level there have been very few large fines. The €50m fine for Google in France stands out, as does the £0.5m fine for Facebook in the EU. In the CEE region, Bisnode was fined €0.2m in Poland. When checking compliance, the authorities focus on tech firms.