> IMHO GDPR was to prevent malicious use of personal data.
Who decides what counts as "malicious" use of personal data? The EU? The government? The courts? Google? Facebook?
The GDPR goes some way to putting that decision in the hands of the individual whose data is being used.