There are gaps in the law. If data are to be properly protected in the current deficient framework, the trust that must be placed in the company becomes a particularly important factor. We should therefore stay away from less trustworthy companies, obviously.
On May 29th, 2020. See this statement in context.