And if you are a small/medium business, don't comply and somehow are reported, you will receive an email from the regalutory instance of the country the person who reported you come from. They will tell you what is wrong and point you to some articles who can give you advices on how to comply. If you have difficulty to do so, you can contact them and ask specific advices, they will respond (probably a bit late) and as long as you comply with the RGPD within a month after that, you're good.
Audit can take some time and have a real impact on your business though, so i'm not saying everything is perfect. But to me, audit is the only thing you have to be really afraid of, not fines.
Audit can take some time and have a real impact on your business though, so i'm not saying everything is perfect. But to me, audit is the only thing you have to be really afraid of, not fines.