GDPR to be policed 'proportionately' in Northern Ireland
The Information Commissioner's Office (ICO) has said it will use its powers to police the new data protection law proportionately.
Big firms face fines of up to 20m euros (£17.5m) for serious data breaches.
Despite issuing fines in the past, some companies were still displaying poor practice, said the ICO's Head of Regions, Ken Macdonald.
It came into force on 25 May,
The rules give consumers new rights, including rights to find out what data is being held on them and to delete that information, unless a firm has a good reason to keep it.
'Get it right first'
The new rules give the Information Commissioner's Office (ICO) powers to fine firms up to 20m euros, or 4% of global annual turnover for serious breaches.
"Our key thing is let's get it right first," Mr Macdonald told the BBC's Inside Business programme.
"We don't want to be worrying about the breaches, because we want to prevent the breaches taking place.
"If they do happen, then we will be taking the appropriate action and serving the appropriate level of penalty for the breach."
He added: "Unfortunately, despite all these stories that we have, from the cases that we have taken regulatory action, security is a big thing, and people are still forgetting about it.
"They forget about, in particular, the paper records. Too often, I see people in public, reading personal, sensitive information. Too often, we fine people and organisations because papers have been left in bags at the train station, on the bus, etc.
"It's not just about the digital world, it's not just about encryption, it's about handling everything - physical and electronic information."
Inside Business is broadcast on BBC Radio Ulster on Sundays at 1330 BST and on Mondays at 1830 BST.