The problem is that the only way a lot of these EU regulations can get through is by general directive: the intents and goals are agreed upon as a group, the implementation is left to the individual state. You can imagine how impossible it would be to get all European countries to agree on anything otherwise. On top of that, a lot of these rules do really need to be adapted to local national contexts to makes sense.
However, that also leaves plenty of room for exploitation, like the stuff you mentioned. I'm sorry to hear the GDPR is being abused this way.
Perhaps if it's hard to get agreement that's a good thing? Then only things that are truly agreed to would happen at the EU level. That seems like a feature of the system, not a bug.
The GDPR was implemented as a Regulation, not as a Directive, which means it wasn't adapted; the original text was directly applied to every EU nation.
Of course, there's still the problem between the law and its enforcement. But that's often a problem even inside a single country.
However, that also leaves plenty of room for exploitation, like the stuff you mentioned. I'm sorry to hear the GDPR is being abused this way.