Not necessarily. Another way of looking at it is that GDPR is forcing companies to eliminate a common dysfunction, while at the same time restricting their ability to play shenanigans with user data. The end result is companies that are more efficient at what they should be doing, and restricted from doing what they shouldn't be doing. A win-win.
(While many business people used to how things worked are unhappy with the changes, sometimes you really have to bludgeon a fix through the broken incentive structures that plague businesses.)
> Which in turn makes it easier to over analyse and identify user data, exactly what GDPR was meant to avoid.
GDPR "cares" about identifying user data - how else are you going to protect it and control access to it?
As for over analysing it (whatever that means), it really doesn't care too much about that as long as you have explicit meaningful informed permission from the user to do so, protect it properly, and let them control what happens to it (both during and afterwards).
Which in turn makes it easier to over analyse and identify user data, exactly what GDPR was meant to avoid.