You have no control over what they're doing with that data. Your insurance provider might be very interested in how often you buy those delicious discount donuts, the police might be very interested in the fact that you bought several items that together could form a bomb making kit, or murder cleanup kit. You could end up on a no-fly list just doing your weekly shop.
It would be illegal for insurance companies to use it (and questionable how good the data for this is, because it's not collected with this goal in mind). You can't really buy "items that together could form a bomb" or "murder cleanup kit" at Tesco and police aren't regularly scanning all of this anyway, which would be pointless as the data is so noisy to be useless. None of this has a connection to reality.
You really don't though. You can either pay more, or go to another supermarket with a similar scheme. Doesn't really seem cricket, am I really loyal for buying bread or cheese because I needed them and this supermarket is in my neighborhood?
I don't know where you are in the world, but in the UK it is really common to have multiple supermarkets in spitting distance of each other. Most of them deliver if you're not in the neighbourhood. And not all of them offer loyalty schemes.
GDPR is great and all, but it only takes one rogue employee. I speak as someone who had their data sold by a rogue Aviva employee to scammers all over the world. Which made my life hell for several years.
If someone is going to offer discounts anyway, then I want discounts on things that I'm likely to buy.