Why is the GDPR a requirements nightmare? It's one ruleset for the whole EU instead of one ruleset for each EU state. And the GDPR seems to be not more complicated than the individual laws were before.
It isn't? Are we talking about a different regulation?
I quote from the title of 2017/0003/COD
COM (2017) 10:
Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT
AND OF THE COUNCIL concerning the respect for private
life and the protection of personal data in electronic
communications and repealing Directive 2002/58/EC
(Regulation on Privacy and Electronic Communications)
See, there's this thing called context: the meaning of the word changes through the surrounding words. If there is a word "repealing" in the text, this does not usually mean "everything that's related is repealed" - it means exactly what it says on the tin: "repealing Directive 2002/58/EC" - nothing about repealing the existing state-level legislation (to repeat previous context, "It's one ruleset for the whole EU instead of one ruleset for each EU state.")
My point still stands - you still need to conform to both GDPR and the state-specific legislation.
It may be that I am the one who is misinformed here. My understanding was that 2017/0003/COD was about creating a replacement for 2002/58/EC. I haven't read all the documents, so I could very well be wrong.
But assuming that I am right, then a replacement directive would simply cause the states to update their laws and nothing would really change in terms of complexity compared to the situation before.
If it's just 4% of revenue, then the fine could well be 0 for startups. I presume they have some provision to prevent 0 euro fines, does anyone know about that provision?
From the Wikipedia page: "fine up to 20,000,000 EUR or up to 4% of the annual worldwide turnover of the preceding financial year in case of an enterprise, whichever is greater"
In other words, it's not a replacement: it is an additional set of rules to keep (although most of it would be a superset of various national laws).