Enforcement is a major issue for most countries. I once asked for a data export from GitHub and GitHub said becuase I couldn't prove 2fa I couldn't prove I owned the account. The account was in my name with my profile picture, I can prove who I am via Passport. I'm legally entitled to know what personal data they have of me and to get an export. The Netherlands were very wishywashy and basically too lazy to do anything about it, probably because they were overworked.
GDPR, mostly seems like an annoyance to developers while providing little actual benefit to users since countries aren't willing to enforce it and even if you do take it to court yourself the courts aren't doing much. In once case, a German court found that a company breached GDPR by using Mailchimp but because they stopped using Mailchimp they didn't fine them, for the breach. That is realistically a complete joke of a judgement. And honestly, there are lots of judgements that are basically similar.
GDPR, mostly seems like an annoyance to developers while providing little actual benefit to users since countries aren't willing to enforce it and even if you do take it to court yourself the courts aren't doing much. In once case, a German court found that a company breached GDPR by using Mailchimp but because they stopped using Mailchimp they didn't fine them, for the breach. That is realistically a complete joke of a judgement. And honestly, there are lots of judgements that are basically similar.