How does GDPR fit in to Google Analytics and personalised ads?

I would have thought it went something like: random identifier: not linked to personal info, just a collection of browsing history for an unidentified person, not under GDPR as not personal info.

Link to account: let them request deletion (or more specifically, delinking the info from your account is what Facebook lets you do), GDPR compliant.

Both Google and Facebook run analytics software that tracks users. I presume letting people request deletion once it’s personally linked to them is probably what let’s them do it? But I don’t live in a GDPR country, so I don’t know a whole lot about it.