GDPR = government overreach and over-regulation. Yes, we have to comply, and there are some aspects which make sense to protect consumers, but overall it's just too much, kind of like HIPAA in the USA. Only small parts are adopted and it simply canNOT be enforced without growing government even more than it already is (way too bloated). Sorry.
Are you sure?
https://www.identityforce.com/blog/2017-data-breaches
https://gizmodo.com/the-great-data-breach-disasters-of-2017-1821582178
https://www.itgovernance.co.uk/blog/list-of-data-breaches-and-cyber-attacks-in-2017-33-8-million-records-leaked/
Seems to me that at least currently there is insufficient regulation and insufficient incentive for businesses to get their act together and keep our personal details safe.
(Note that it took me less then a minute to find these links - I typed "data breaches in 2017" in Google and clicked the top 2 links. There are a lot more results on that search)
(EDIT: Added one more link, the fifth search result, because it is an even longer list and because the author of that list expresses the hope that EU GDPR will lead to improvement in the near future - seems fiting for this discussion)
No one doubts that companies treating our data too loosely is a problem. This issue gets too political. Bottom line: if you believe government is the answer to your problems, you are for overreaching solutions such as GDPR. I just believe the regulation is too burdensome on business. In the case of a breach, that is when the government comes down on you with full force, and not before.