CCPA finally went into effect this month. But, CAN-SPAM and GDPR have already been on the scene for a while. Yet, according to research by Talend, 58% GDPR-relevant companies haven't even addressed data requests in a timely manner! And, studies indicate 21% of email recipients have been reporting email as spam. So, the bigger question is do you believe these privacy laws can help reduce data privacy breaches?

While some companies may not be properly implementing or adhering to the new regulations, for those that do follow it, there is a much more rigorous approach to managing data being put in place. The examples you mention relate more to privacy vs data protection.
In the case of my prior company, we put in place much more rigorous approaches for when we were permitted to email customers and prospects. We required double opt-ins and a much clearer approach for opting out. And we involved our legal team whenever we leveraged the "legitimate interest" clause of GDPR. We took the laws and regulations very seriously and upped our game when it came to data privacy.
Regarding data breaches, the laws require clear definition of roles (e.g., "data controller", "data processor")  and much stronger accountability when data is breached. There's no guarantee that everything will happen properly, but the incentives are in place for those defined roles to follow the rules.