by arkh 2991 days ago
The more I read people against GDPR the more I get the feeling they're the same kind of people behind mail based scams.
2 comments

It depends on what part of the GDPR you're against. I'm generally in favor of a lot of the GDPR's goals, but the execution is pretty clumsy and a few of the provisions are at best useless and impose unnecessary costs.
I wonder which ones specifically? I am reading into it because I am onto implementing it in our small company.

Everything is as in this citation from the GDPR:

"Taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes ... implement appropriate technical and organisational measures ..."

1. Most things fall into this category: Lack of clarity in the law (and a remaining lack of clarity from WP29 and the Commission) about dozens of issues. The Privacy Professional community has been proactive about trying to get info on a lot of these items, but there's just not much coming, and in a few cases what has come out has either departed from what seemed like more obvious meanings or in some cases has muddied the waters further.

2. The essential ban on offering services, downloads, etc. in exchange for consent to use data reduces consumer autonomy and will decrease the availability of free resources.

3. It will be extremely easy to use SARs maliciously, and the law includes NO check whatsoever on this. All it would take to cripple many SMBs is for some jerk to spin up a website that provides a nasty SAR template (that the users don't even realize is such a burden) that random people on the Internet can auto-send to every business they've ever used under some innocuous-sounding reason like "See what information businesses have on you!" 99% aren't using data against subjects' interests, so the net effect of this alone (in the way it is designed) is potentially-immense costs for small benefits.

As a recommendation, the $250 my company spent on buying me a membership to the IAPP has been one of the highest ROI decisions in recent memory. It has saved me a ton of time and effort (and the company quite a bit of money) from the member resources available, and the members listserv is essentially free light consulting from people who have already dug into everything.

The more noise I hear those who work in "ad tech" and other fields that have been marching towards the destruction of privacy making about GDPR, the more confident I become that it might actually help.