Did you read the law and then work on complying with it?
Spirit of the law is great. Implementation and end result is a typical bureaucracy mess, with not much benefit for end user, that functions mostly as a way for government to have a leverage over companies for non-compliance, whenever they want to put pressure on them.
While there are byzantine parts, I think it has been a net positive for the user.
People focus mostly on the cookie popups, but forcing companies to delete data after the user stopped using the service for too long, or even giving a legal stand on users requesting their data to be deleted wouldn’t have happened any other way I think.
In a lot of european countries GDPR came on top of other existing customer protection, but it helped make companies think about compliance as needed for continued business, instead of something akin to properly filing random local paperwork.
Spirit of the law is great. Implementation and end result is a typical bureaucracy mess, with not much benefit for end user, that functions mostly as a way for government to have a leverage over companies for non-compliance, whenever they want to put pressure on them.