Probably using off-the-shelf analytics because rolling your own analytics takes time away from solving the central problems your users are paying you for. No one is _using_ the data. It's often not even really PII except that GDPR's net is incredibly broad.

I have not seen GDPR reduce the amount of data people track. It's just resulted in piles of cash being burned on lawyers' advice to make sure the company has as little GDPR-related liability as possible. Subprocessor agreements, updated Terms and Conditions, etc.

Some good has come out of it, such as less backup retention, and some basic data breach plans, but a lot of it is theater.