Maybe visible, but as someone who works in EU, behind the screen there is a lot more emphasis on either not collecting data, or being more strict with what you collect and how you collect it.
PII data identifying, documenting it, and periodic review's of that is becoming standard procedure.
I remember when GDPR was announced, where for most projects, there was not anyone who could tell you for any given project, what all data is being collected and stored where.
So GDPR did have positive* effect at least with the part of the market I am familiar with.
