All information centralizing in the hands of the few companies that can afford the consultants and lawyer time to figure out what the GDPR even means is an unambiguously worse outcome for people’s privacy.
I would go so far as “any company with a mature regulatory compliance function is an extreme threat to your privacy and not mitigated in any way by the GDPR” and “any company small enough to plausibly be found in noncompliance with the GDPR was never a threat.”
You make it sound nefarious. "Collecting" could be as simple as having a mis-configured webserver log that captures too much. Should a big company take measures to protect user data, and be penalized for breaches? Absolutely. Should a one-man-show app developer be slapped with a crippling fine for something slapped together just trying to see if he can make something people want and try out product/market fit? Only if your goal is to grant an unchallengeable de facto monopoly to the existing players.
Should we grant an exception from food handling regulations to new restaurants because they don't have the pockets to have chefs and kitchens as well equipped as big chains? Should we slap big fines on people that just want to try and make a new recipe using innovative ingredients?
For a better analogy, replace food with medication.
Yes and yes. Small food stalls and food trucks should not be held to the same standards as professional restaurants and franchises. Personal use of medications should be less restrictive than pharmacies.