Since its entry into force in May 2018, the General Data Protection Regulation (GDPR) has been considered the central framework for handling personal data within the European Union. Its aim is to strengthen citizens’ rights in the digital space and to obligate companies to practice transparent and responsible data protection. Despite its pioneering status, the…