Re: GDPR to the rescue
"Recording the MAC address means it can be tied back to an individual"
Does it? If my home wifi router collects your MAC address as you walk by my house and I check the logs every day, how have I identified you and how do I hold any information about you?
You issue your GDPR request, what response should I give you? I have no information to do the lookup.
Now if I capture your MAC address and at the same time interview you and get your name, age, sexual preference and store it all in my SnoopingDB, then I'd agree with your point but in this case that doesn't appear to be what's happening.
Happy to be corrected.