I evaluated the UK implementation of the Directive perhaps ten years ago as mine was, at the time, a UK company.
I found it to be such a joke that we decided that, as the data was held in servers in France, we would apply French law, which at least does give individuals real rights.
I have no idea why the UK came up with such a horrible implementation. If their intention was to be "business friendly" (at the expense of screwing consumers, of course), that has backfired spectacularly. We, as a business, have every possible interest in consumers having clear and effective rights, otherwise we haven't the faintest where we stand and it's all headaches in the long run.
Not long after this we decided to close the UK side of the business. Turned out to be a much more sound decision than we expected.