Yes, yes and thrice yes.
Been saying all year that most of the important stuff in GDPR was already in the DPA legislation. All they needed was to link the fines to turnover.
On the other hand I'm somewhat concerned that the much heralded portability rights will backfire.
Used to work for life assurance companies and your competitors could find out a lot about your products from the personal data you retain vs what you discard.
It'd probably result in you having to keep even more customer data to help mask the really useful stuff