The current business paradigm, structured by big tech firms over a decade ago by which individuals willingly provide their personal information in exchange for a service may be reaching crisis point.
Over time, unenforced regulations simply get ignored and become useless. It is likely that things won’t change until the regulators make them change, and they will have to go sooner or later through a harder enforcement line.
Quite a lot will now go down to the regulator’s appetite. If they are inconsistent, too heavy-handed or too lenient, focus only on the GAFA, or pick the wrong battles with small firms, they will dilute the act, endanger their credibility and lose momentum.
The bottom line, I think, is that (regardless of GDPR and its jurisdiction) a mutable company can’t afford to have a breakdown of trust with its customers and other stakeholders – as Facebook is discovering. GDPR may simply be a catalyst for bringing data-related trust issues to the surface.