Europe’s data-privacy law turns 2. Has it actually made our information safer?

Do you think that GDPR really did change the way that companies think about data and privacy, or that this ongoing awareness campaign will lead to a philosophical shift at companies?