As many big tech companies have European headquarters in Ireland, the country has become ground zero for some of GDPR's first big cases. The Irish Data Protection Commission is currently investigating Facebook over a security breach in September that exposed the data of 29 million users, including 3 million in Europe.
"Over the coming months we will conclude our investigation into that matter and we will provide a very fair and thorough assessment of the facts," Sunderland said.
Companies that fail to comply with GDPR face fines of up to 4 percent of global annual revenues or 20 million euros, whichever is bigger. For Facebook, this could mean as much as $1.63 billion.
Ireland's Data Protection Commission is also investigating Twitter over claims the company failed to provide a user with requested personal data. The "right to access" is a key pillar of GDPR that allows consumers to see how companies are using and processing their data.
"It's a very important issue for our office that we will thoroughly and fairly assess and investigate," Sunderland said.
GDPR has put Europe at the forefront of tech regulation as companies face increasing scrutiny over their use of personal data. At the International Conference of Data Protection and Privacy Commissioners in Brussels Wednesday, Apple CEO Tim Cook praised Europe's new rules and called for comprehensive federal data privacy regulation in the U.S.
Sunderland said GDPR has emerged as a leading framework for other data protection authorities around the world. He added regulators, companies and governments need to consider emerging technologies, like artificial intelligence, in the conversation about data protection.
"To be an effective regulator we must keep at the cutting edge of our understanding of technology and technological advancements," he said.