But that's the reality. At least they're working on it and the fact that a lot of companies massively overreact means they at least take data protection serious now.
You don't ignore a law for 2 years and then just after it comes into force say "at least we're working on it". Honestly I thought the GDPR was a bit of an over reaction when it came out 2 years ago but seeing how little respect companies have for our data over the last few weeks I've been convinced it was necessary.
As an engineer, with as much else is going on on a day to day basis it's not surprising. A lot of the vagueness around the GDPR still hasn't been resolved, nobody wanted to get a head start just to be told "oops, we actually meant this" and have wasted countless engineering/lawyer hours as a result.
You would only take that liberty if you didn't have much respect for the law and its ability to touch you. I suspect companies are a lot more careful with each years new IRS rules even though they don't yet have case law and are often issued on much shorter notice.
Companies directly lobby the laws that affect the IRS on a year-to-year basis and have a lot more knowledge about it. It is hardly as vague as this was. I very much do respect the laws when I can, but I'm a US citizen, and my projects don't make enough money for me to ultimately care about the GDPR/EU. I just blocked them for .. ever, probably. You're really targeting people here, sorry I disagree?
I am not speaking of you specifically because this is about the behavior of companies and not personal projects.
There are companies, OP being one (a subsidiary of Pinterest) that have presence in the EU and are essentially playing chicken with the regulators. Blocking users but keeping their data is not compliance, nor are dialogs telling users you plan to carry on as normal. Companies do not do this with the IRS because they would be afraid of the consequences.