“Sunrise day” for the GDPR is 25 May. That’s when the EU can start smacking fines on violators.
Simply put, your site or service is a violator if it extracts or processes personal data without personal permission. Real permission, that is. You know, where you specifically say “Hell yeah, I wanna be tracked everywhere.”
Of course what I just said greatly simplifies what the GDPR actually utters, in bureaucratic legalese. The GDPR is also full of loopholes only snakes can thread; but the spirit of the law is clear, and the snakes will be easy to shame, even if they don’t get fined. (And legitimate interest – an actual loophole in the GDPR, may prove hard to claim.)
Toward the aftermath, the main question is What will be left of advertising – and what it supports – after the adtech bubble pops?
I’m skeptical of the GDPR actually changing anything, but who knows.