[Y-bar]

I work with e-commerce in the EU and my experience mirrors yours.

Almost all clients took an honest look at data collection and retention policies.

Data was classified and tools built around the GDPR framework to allow customers to be able to fully retrieve, request changes to, or delete their information from servers.

Most clients ended up collecting less data and retaining it for a shorter time.

All in all from my perspective it seems the law did much of what it was designed to do.