I have no data on enforcement but since it went into effect, every place I've worked has taken it very seriously so it has definitely had consequences, very positive ones in my opinion.
Same. Used to work for a government agency, and our test data was just replicas of the prod database. Little access control, and PII was floating everywhere. It got really tightened up to be ready for GDPR.
And then every company since have also been very stringent and conscious about privacy. It's just part of being a good engineer in Europe. The same way you think of how a feature will be performant or maintainable or secure, you also automatically think about privacy implications and raise any issues.
