I hadn’t realized before last weekend’s episode of TWIT, that the GDPA was a rehash of https://en.m.wikipedia.org/wiki/Data_Protection_Directive?wprov=sfla1 from 1995.
My understanding is that this law was largely ignored by US companies because it lacked teeth, which the GDPA has.
It seems to me that the in the large fines are the only thing that forces companies to comply, and that without it, there would be no action on their part.
If the the purpose of this act was merely to make more, I would assume that the EU would instead make the fines much smaller, and hope that more companies would instead pay the fine rather than follow the rules.
Either way, anything that makes my data more secure and ensures my ownership of it is a good thing. If a company can’t make a product without stealing my data to make ends meet, then it deserves to go out of business. I am sure a better company will be able to do it.