Right now, people I don't know at various companies have access to databases with my personal information. Those same people will still have the same access and opportunity to misuse my personal information, but under GDPR I can know what personal information is stored. I could also demand it be deleted, but that doesn't apply to data that's already been shared or under control of other parties.
GDPR is far wider than that; you're just looking at it from the end user perspective because GDPR isn't just allowing the user to enquire about their data.
For a company to be GDPR compliant they also have to satisfy the regulators and that includes limiting access to data to only those that need it, knowing who those people are and putting measures in place in case of a breach.
How? What procedure improves security?
Right now, people I don't know at various companies have access to databases with my personal information. Those same people will still have the same access and opportunity to misuse my personal information, but under GDPR I can know what personal information is stored. I could also demand it be deleted, but that doesn't apply to data that's already been shared or under control of other parties.