Very few companies (care to) understand GDPR and the full extent or its reach/scope. Most think that it's all about "adding the privacy policy to our website" and that's it.
When the flood of letters starts, THEN they will feel the true pain/essence/extent of GDPR.
E.g. when my bank will get MY letter asking them who they share my data to, and asking them to STOP sharing my data with friggin FB (WTF???) on their app.. it will be fun to watch them squirm.
I have yet to see a GDPR article with concrete , worked out example cases. I think EU should have published such a guide out. The law is more vague than a gospel.
When the flood of letters starts, THEN they will feel the true pain/essence/extent of GDPR.
E.g. when my bank will get MY letter asking them who they share my data to, and asking them to STOP sharing my data with friggin FB (WTF???) on their app.. it will be fun to watch them squirm.