This is an almost undefined concept. Data is not copyright, they are observations. Plus for many kinds of data ownership is hard to define, e.g. genetic data which is largely shared by all of us.
That's basically it. So it's not an 'undefined concept', it is extremely clear and the text of the law is actually quite legible so there is no real reason not to be informed about this if it affects you in any way (which it likely does).
The idea that data is "property" or that it is "owned" by anyone is not codified in law. And as an analogy for how GDPR works, I think it's more harmful than helpful. I see GDPR as rejecting the idea that data has an owner, more than anything.
GDPR says that the data subject has rights to data about them. If you want to put a label on it, I would say that legally they are a stakeholder in their own data. One stakeholder of several. Not necessarily the most prominent one. GDPR gives you a seat at the table, but it doesn't actually put you in charge, the way that "ownership" implies.
The company that collects & processes the data is still the one making decisions like: What data is being collected? What is it used for? What is the Legal Basis for data collection? What Processors will the data be sent to? What countries will the data be processed in? They have a lot of leeway in how they answer these questions and still be compliant with GDPR.
So for that reason, my view is that GDPR says there are multiple stakeholders will different rights to how the data is handled. Which if anything is a rejection of the idea that the data has an owner. Certainly you have rights to the data, but some of those rights have limits, and the Controller still has right as well.
The data subject, as I think, is the owner. They have rights over how and when their data is used & e.g. have a right to be forgotten.
They do not, however, always have the power to exercise their 'full' rights in cases where they've entered a binding contract. Such as trying to exercise the 'right to be forgotten' with a company who provided a loan they've defaulted on. They do however have the right through law to instruct the controller to use the data in the bare minimum ways they need to reasonably execute the contract.
A reasonable data protection legislation needs to side with the controller in some situations else it would be otherwise incompatible with modern society / law.
It certainly does help more than harm imo, especially when it comes to marketing / advertising.
Data collected indirectly to would for instance be data used to 'enrich' a profile, for instance by buying it from a third party. That data would still show up in a DSAR, but it would likely not be private data because no company is stupid enough in the current climate to sell that without a very good legal review. Data collected surreptitiously (for instance, GPS location information, device IDs and such) count as user supplied for the purpose of the GDPR, and collecting that without consent and disclosing that you are collecting it and supplying a legal basis for processing is illegal.
I think you're trying as hard as possible to misunderstand it.
