The GDPR was meant to harmonise the EU's data protection regime but there is a considerable difference across the EU in terms of approach, not to mention resources and workloads. And what about the UK, now sitting outside the GDPR and no longer subject to the cooperation and consistency mechanism – is the approach different under the UK GDPR and how likely is it to evolve further? We look at the approaches of the Irish, French, Spanish, German and UK data protection regulators, and at the role of the EDPB in enforcing data privacy law.