It does prevent unlawful access and unlimited data collection by corporate entities. (Including fruit of poisonous tree doctrine.)
What the ISP doesn't collect or process, cannot be had as historical data for court cases for example. Albeit the GDPR exemption is pretty open for "required to provide service" data processing.
Wiretapping is a separate matter.
Most importantly, any third party data processing and sale has to be clearly outlined including purpose.
