After growing tired of suddenly receiving so many GDPR emails, Owen Williams from the Netherlands built a website called the "GDPR Hall Of Shame", where he calls out companies that implement GDPR poorly. Facebook is no exception. The ability of different data protection authorities to cooperate on challenges that affect data controllers operating in more than one member state has been touted as a benefit of GDPR, for example.
Companies are also required to give European Union users the ability to access and delete data and to object to data use under one of the claimed reasons.
"In most cases, the email request was unnecessary at best and a poor business decision at worst as they are finding that their marketing database is rapidly shrinking", he said.
That's how as many as 87 million Facebook users had their profiles land in the hands of a political operative.
The right to data portability: This means you can download your data and take it to another service.
A spokesman for the Irish Data Protection Commission noted that Mr Schrems's complaints were made to other European Union data protection authorities earlier on Friday and that they would be forwarded to the Irish regulator should they come under the GDPR's "one-stop shop mechanism", which brings matters relating to Facebook and Google to the Irish authority, given that their European Union headquarters are based in Dublin.
A major focus of GDPR is that companies will not be able to use vague or confusing statements to get you to agree to give them data, which means it could have a far-reaching impact on some of the biggest technology firms in the world including Facebook and Google.
Requests for personal information a company holds on you must be responded to within one month, with some allowances for extensions.
The law widens the definition of what will be considered personal data.
As the rules took effect on Friday, websites, apps and electronic services across Europe were displaying pop-up messages notifying users about new data policies and asking for their permission.
There's also a somewhat vague category called "legitimate interests".
It covers everything from giving people an opportunity to obtain, correct or remove personal data about themselves, to outlining rules for disclosing security breaches, to providing easily understood privacy policies and terms of service. If that's the real problem, the laws will make a difference by making businesses think more deeply about what data they collect and why, and GDPR may improve the quality of the Internet.
The punishment: The worst offenders can be fined up to 20 million euros ($23 million) or 4 percent of their revenue from the prior year, whichever is greater. Companies now have to offer you the option of downloading all of your data, just like Facebook did after the Cambridge Analytica scandal came to a head.