The consulting companies use exactly the same MO that Y2K consultants used. Cherry picking case studies and data sets to make executives think the sky is falling when in reality it's not all that hard to be compliant with GDPR and it really is comprehensible by an average person spending a day or 2 reading up on it.
Exactly that. Working as a data analyst for my agency's clients I had more work in making sure my clients do not panic after having other consultants claiming, that the world will end and what not.
It is possible to comply with GDPR in most cases with not too much of an effort (I know some processual stuff is just boring and ugly, but doable).
It is possible to not have a cookie wall of horror, if you "just" want to do tracking (analytics) or first party onsite marketing.
It will get more complicated with personalized recommendations, profiling and stuff. I have to admit this - especially with third party vendors and such - will be a little bit more fun/challenging.
