Ultimately the EU is going to have to come up with a detailed compliance framework. The wording of the GDPR is too high-level and we can't trust companies to self-regulate.
What? The wording is really not high level, it is highly detailed. The fact that we refuse to acknowledge it is not due to the language not being detailed enough