It's super effective and is making all companies pretty damn privacy conscious all of a sudden - except they also still violate it. The problem is that they will find ways to skirt around the edges of the GDPR as much as possible - or straight violate it in the hopes that nobody will find out.
> "The problem is that they will find ways to skirt around the edges of the GDPR as much as possible"
Many companies like to believe that, however the GDPR is pretty strict in certain regards. And such companies continue to operate only because no data protection authority has targeted them yet.
There's also the matter that many US companies have ignored GDPR due to not having a legal entity in the EU, but unfortunately for them there are trade agreements in place between the US and the EU, which makes the GDPR enforceable for companies having EU users / customers, even without a legal entity in the EU.
Give it time. And send complaints to your local DPA about violations that you see, because it does help.
