Further to our comments earlier in the year, Tim Cook has now advocated for policies similar to GDPR in other major markets. He made these statements in Brussels so there is likely an element of appeasing the European regulators. However, the language that he used was strong and included terms like "tech firms weaponising data".
Our experience with regulations is that they often start in a single market, before being adopted more widely by other markets. With data privacy, as data breaches continue, the calls to protect personal data will only get louder. Regulators globally will be forced to implement regulation quickly and will undoubtably look to GDPR in Europe as a starting point.
Regarding fines under GDPR, Facebook have recently notified the European regulator of a recent data breach. This will be the first test of GDPR for a major firm and those fines of 2% and 4% of global revenue really sharpen your thinking when you look at Facebook revenues.
Message for Australian firms. If you have European clients and therefore data then you need to be complying with GDPR already. It's not to late to tackle these compliance issues. If you don't have European clients, then don't think that this regulation will not impact you. It is only a matter of time before this type of regulation is global.