And I remind you that you have still not cited a single benefit of the GDPR to counterbalance its already observable evils.
Actually I did. The Internet has taken a hard dystopian turn the last 15 years. Basically companies have been encouraged to extract as much personal information as possible on their customers and "customers" as they can, whether or not they need it (and they usually don't), because their share price will be higher if they do. To add to the injury, their data security is generally shit, so all your data will pretty much be in the hands of American, Chinese, Russian, and probably other intelligence agencies, plus whatever data freelance hackers come over for resale.
And how does this counterbalance the evil? It is the evil.
In the 90's the situation was not so evil. Generally in the services I used, when I stopped using them, the account would self-destruct after a while. A few warnings arrived by email and when I took no action, right to be forgotten happened by itself!
GDPR allegedly revolves around right to be forgotten but it is not even attempting to return to those good old times.
I am no great fan of consent, because it is not truly informed. With GDPR it is less uninformed, much simpler, and opt-in instead of opt-out. Opt-ins annoy you, but opt-outs aren't consent. Simpler opt-ins mean something that can be tracked for you by the browser, which I imagine it will eventually.
In the European Union there is nothing to distinguish opt-in from opt-out. Opt-in and opt-out may exist in the USA (and probably in the UK), but not in (continental) Europe.
In the European Union, there is just one thing: consent. And, with GDPR, it is consent loudly over any alleged rights. The consent is there for you to give consent to whatever the privacy policy demands of you, even though the privacy policy (or, more correctly, the popup for the public to give consent to the privacy policy) has no business to be there in the first place.
Right to be forgotten is a winner, as is right to access. This gives us access to the same information as the data aggregators have, and we can get them erased. That includes data passed on to other parties. A company can no longer sell data and not care where it is going.
Yes, these rights are cool, but GDPR does not address these rights. It does not give you the right to be forgotten. It does not give you the right to access.
GDPR does the opposite. GDPR demands websites to block public access unless the public acknowledges that they accept to be tracked by cookies, i.e. the public must give up the right to be anonymous even when they are not signed up or logged in.
Selling personal/confidential data was always illegal. All that needs to be done is to enforce the laws we already have in place. The GDPR should have stopped the practice of writing outrageous things in privacy policies that portals and webservices make you sign when you sign up. Does GDPR make privacy policies sensible and uniform across the board? I guess not.
Most people would not actively get their data deleted, but with activists enough would to set up a system where this is easily achieved. In other words accountability will be built in, and with opt-in everyone benefits.
As long as the self-destruct scheme of unused accounts is not a legal requirement, the situation of zero accountability and outrageous abuse will continue. In fact, it just worsened, because we are made to give consent to random privacy policies that nobody will ever read, and which for this reason should be legally required to be sensible and uniform across the board.
The problem is that privacy policies are stupid nonsense that are not worth reading. They are unlawful to begin with, that's why the only right thing is to ignore them. The effect of GDPR is that we are required to give consent to them even when we are not signing up or logging in anywhere.
This is further enhanced through privacy by design and privacy by default. This pushes companies towards minimal data gathering and retention rather than today's maximum and reselling. These don't have much teeth though, but those can be added later.
Finally there are clearer requirements for safeguarding data and reporting breaches. That matters as well. Probably wouldn't stop the aforementioned intelligence agencies, but would give us better checks on the rest.
You have bought into this bs so deeply there is no way helping you out of it.