Actual punitive measures taken against entities who e.g. manipulate personal data in a negligent way. [1]

Which was much harder to achieve before.

[1] https://www.enforcementtracker.com/

Right to be forgotten - you can ask companies to delete data they hold on you.

Data ownership/portability : you can ask companies for a copy of all data they hold on you or related to you.

I’ve seen the latter used by job applicants to get an entire copy of their interviews, transcripts and assessments including the reason for not being hired.

It's really a wonder how every time gdpr is even remotely related, there's always gotta be someone complaining about how gdpr is at fault for the cookie/data prompts, and never that sites and advertising companies (and their 2137 partners) are at fault for actually making those prompts as annoying as possible in hopes that you just agree.

It makes you aware a site is selling your data or is otherwise tracking you because otherwise they would not need a banner to request for consents to do so :)

Since people still seem to conflate the two, let me say it loud and clear:

GDPR HAS NOTHING TO DO WITH THE COOKIE PROMPTS!

In the UK open banking was essentially a response to GDPR this has allowed (to a limited extent) a variety of tools to be built on top of bank accounts that others would not have been.

GDPR doesn't apply in the states, but hopefully it provides for some punishment for the poor security here for EU customers. Of course, then some Americans will get mad that a US company has to follow EU law.