The General Data Protection Regulation may be a universal law for the European Union, but that doesn’t mean it will be applied equally. After all, 28 different countries will handle enforcement. That means Germany, for example, is expected to be tougher on enforcement of GDPR than elsewhere on the continent given data protection is conducted at a state level. Conversely, the U.K. has traditionally been the member state to push back against any overtly data-privacy regime that could impede global trade. The cross-border differences have left some companies confused as to what to do; some are considering country-specific strategies, while others like AppNexus mull a strategy for Europe as a whole. That there is still such trepidation over how GDPR will be enforced in eight months is emblematic of its ambiguities. “When it comes to how the law is going to be enforced on foreign companies we are still awaiting guidance [from regulators],”said Nathalie Moreno, a partner at law firm Lewis Silkin. “I’m often asked how the regulators are going to enforce it, and my guidance is that there are some data-protection authorities that have a culture of fining and will continue to do so, while there are others that have more of a business-friendly approach, and they will carry on enforcing in that way.” Get the full story at Digiday