The GDPR provides for the "one stop shop" privacy rule which might be of difficult implementation for multinational companies that could still face disputes in several countries.