Marit Hansen, the successor of Thilo Weichert at the head of the Schleswig-Holstein Data Protection Authority (DPA), has recently presented her 155-page activity report covering the years 2015 and 2016. Hansen highlighted, above all, the growing importance of European Union law for her supervisory and consulting activities. The upcoming GDPR thus is not a toothless tiger, but an instrument allowing for rigorous sanctions. In this respect, according to Hansen, one of the main goals of the GDPR has already been achieved – data protection is finally being taken seriously, the demand for first class solutions has risen and companies and organisations are using the training offered by the DPA. What remains to be done, however, is to adapt the Schleswig-Holstein state law to comply with the new privacy regime.