EU judicial practice is a little different than in the US and, while GDPR was introduced with a lot of fanfare, the expectation was that there would be little court action in the first two years with data commissioners expected to help website owners understand what they have to do. Nevertheless, in some countries quite a lot has already changed: one of my customers now sees around 35% website traffic than before adopting opt-in only statistics and contracts for data processing, with attendant liabilities are becoming more common. This, together with the scrapping of being able to choose which jurisdiction for any court cases, one of the reasons why Ireland was so popular, will put pressure on larger companies and inevitably their suppliers.
Most international companies have already adopted most of the practices that GDPR mandates for most of their countries because it simplifies procedure and reduces legal risk, especially important in California, home of the class action.