My understanding (I could be wrong - IANAL and I haven't read the 80 pages) is that GDPR takes a somewhat countervailing view. SSN data breaches would be treated the same way as, say, whether someone likes the Beatles. The problem with GDPR from my perspective is its Draconianism.
This is by the way the same problem with the various restaurant analogies. It makes some sense for the health department to inspect large restaurants. It would make no sense for them to subject neighborhood cookouts to the same degree of scrutiny.
GDPR seems to be based not on actual harm that could occur based on invasive, sketchy or otherwise bad data storage practices; instead, it seems based on a subjective idea that people have "fundamental rights" to various forms of state-mediated protection in relation to technology. Rights are unequivocal and almost entirely uncompromising.
This is by the way the same problem with the various restaurant analogies. It makes some sense for the health department to inspect large restaurants. It would make no sense for them to subject neighborhood cookouts to the same degree of scrutiny.
GDPR seems to be based not on actual harm that could occur based on invasive, sketchy or otherwise bad data storage practices; instead, it seems based on a subjective idea that people have "fundamental rights" to various forms of state-mediated protection in relation to technology. Rights are unequivocal and almost entirely uncompromising.