Not really. The GDPR is overridden by various laws relating to national security, terrorism laws, and whatnot. It does not prevent or forbid EU nations from collecting intelligence on their citizens.
It does prevent unlawful access and unlimited data collection by corporate entities. (Including fruit of poisonous tree doctrine.)
What the ISP doesn't collect or process, cannot be had as historical data for court cases for example. Albeit the GDPR exemption is pretty open for "required to provide service" data processing.
Wiretapping is a separate matter.
Most importantly, any third party data processing and sale has to be clearly outlined including purpose.
For what it's worth, Poland is surprisingly good about this:
- as an ISP, you're required to retain data for a year that would let LEAs map an IP address you manage to a subscriber. If you're giving out public IP addresses to your customers, this can be just an excerpt from your IPAM.
- as an ISP, you cannot give out this data without a court order, and you will be in violation of data protection laws if you do do.