[The_Magistrate]

GDPR isn't enforceable in jurisdictions that don't have corresponding local laws. Take Privacy Shield in the US - this is an agreement betwee the US government and the EU stating the FTC and Chamber of Commerce will act as the supervisory authorities for GDPR enforcement against companies registered in the US.

You're right, the fundamental functioning of Google, Facebook, et al. won't change. They will update their privacy policies, and give users access to view, update or delete all of their information more easily. The uses of that information will be disclosed and there will be consequences for misuse or failure to protect that information. GDPR is setting expectations for the protection of data previously where it was an anything-goes or minimum-effort policy.

I can see how those opposed to government regulation would hate GDPR, but no other industry standard on data privacy has gained traction and data breaches are happening more frequently at the expense of real people.