The GDPR has been a success in terms of breach notifications but a failure when it comes to imposing fines on firms that fail to protect consumer data, according to panelists at a forum run by the International Association of Privacy Professionals in London. French regulator Mathias Moulin called the first year of GDPR “a transition year.”