The potential fines that are bandied about relating to GDPR are enormous, crippling and harsh. 

However, the ICO is taking an interesting stance (according to its own blog). It says fines are great for headlines but they're actually a last resort.

Who knew that out of 17,300 cases last year only 16 turned into fines? 

The position of this blog is one of common sense rather than fear. Does that mean we can all breathe a sigh of relief as we work towards compliance?