The second point could be a little confusing, but the Times quotes Electronic Frontier Foundation director Danny O'Brien to make it easier to understand. "A birthday cake company needs your name to put on the birthday cake," he said. "If it isn’t essential information, you can deny them consent to use that data and you still have to get the service."
Companies are sending out these emails to share the policy changes with users and, in most cases, to request users accept the terms and opt-in to the company's data collection policies. Companies that aren't compliant with the regulations could be fined up to 4% of their global revenue. (Though, it remains to be seen how strictly fines and regulations will be enforced.)
There are other pieces to this, though they aren't necessarily the reason you're getting way too many emails. For instance, the GDPR expands what is considered "personal data" in the EU and requires that companies can explain to users exactly what is being done with data that is collected. Users also have "the right of access," which means companies must provide access to your personal data if you request it. While these are all a part of the GDPR, these are benefits that won't necessarily extend to Americans. Nonetheless, there are plenty of benefits that will extend to people in the US.