Title says it all, a look at GDPR one year later.
Yep, it has some good things, and some bad things.
The bad things are mostly due to the vague wording of it. For a while, I shut down EU access to a masto instance, because I didn’t want to deal with hiring a DPO in the EU.
Now, I take the “Try and sue me” approach. Good luck, no US judge will lay the fine in a US court.