Hardly surprising is it?
A lot of companies don't have, or can't really spare, the resources to determine exactly what GDPR compliance means for their specific operation. The companies that do have the resources still want to maximise profit and spend as little on implementing the damned thing as possible.
Result? Ill-thought out boilerplate implementation to avoid a fine manned by the lowest-paid, overworked script monkeys available.
I applaud the intentions of those behind the GDPR legislation but in many cases it's just made things worse. And oh god am I sick of hunting down the "get the f-out-of-my-face" button every time I visit a site for the first time and get hit with the cookie notice.