There is a missunderstanding on your part. The law is not what’s written but what the courts make out of it. Lawyers may have the experience to foretell that.
On the other hand I bet you have a better life with your belief until - if ever- you learn the difference the hard way.
Take the simple question: can you look at personal data on your monitor? What about Van Eck phreaking? Basically you are broadcasting the data. Do you need to protect against that?
The GDPR says that at the current state of technology it would take an undue effort to infringe someone's privacy in such a way, so the risk is unreasonable.
It's like worrying that someone will be struck by lightning because they're located on your property near an antenna you set up, and you'll be charged with murder because of that. Yes, it's possible, and about equally as likely.
It's worth noting, as well, that this part of the law hasn't changed at all. The changes to GDPR are about notification and a variety of rights. Protection for leaking data to unknown 3rd parties is exactly the same as it was.
I would estimate the frequency of the attack similar to Lightnings killing people. I’m quite sure it happens but only in very small scale because you have to get so close to the victim.
If the customer is choosing to display his data on his screen while under risk of Van Eck phreaking, it's on him.
If you choose to display customer data on your screen while raising funds for launching a new cryptocurrency in the Sultanate of Kinakuta from sketchy Chinese generals, it's on you.
On the other hand I bet you have a better life with your belief until - if ever- you learn the difference the hard way.
Take the simple question: can you look at personal data on your monitor? What about Van Eck phreaking? Basically you are broadcasting the data. Do you need to protect against that?
Tell me what GDPR says about that.