The GDPR forced companies to spend a substantial amount of time, resources and money on becoming compliant. For many companies, it took years to understand, build and manage a compliance program to meet the variety of requirements included in the GDPR.