One important thing is that privacy is only one component. There's also market power. Even if you have GDPR, you're not necessarily going to address all the risks involving these data-opolies. That's number one.
Number two, to follow up on Bianca, is that there is some uncertainty, for example, when it's necessary to get the data in order for the provider to provide you the service. Greater clarity on that would be helpful.
Third, there are some measures in the GDPR that look hopeful—such as data portability—and can address some of the competition concerns, but one thing to consider is that data portability may not necessarily be helpful when the velocity of the data is at stake. Here's a good example: mapping apps. You can port your data for Google Maps, let's say, but that's not going to be helpful to a navigation app that needs to know where you are at this very moment. The fact that you can port data from six months ago is not going to help that new navigation app compete against Waze, which Google owns, and Google Maps.