It took EU enforcement eight years to enforce obvious violations of the law for a few companies. The illegal nags are still rampant.

And e.g. Meta (and many newspapers) already has a new obviously illegal tracking scheme with the "pay to not track".

The intended effect of GDPR would have been easily gotten with legally binding do-not-track and similar automated means. Very few people want to be tracked, but most of them are against their true consent.