Yeah, that's more the point; in discussions with clients I very often get asked how far we can go without any consent. Most companies want all the privacy ignoring stuff and they don't want to tell their users about it.

Realistically you won't be caught analyzing server-side logs of things the client is doing anyway, even if you don't follow GDPR rules with those logs. But they want Google Analytics, right?