[skinnymuch]

The OP initially says if you’re small time they likely won’t target you. Are you really saying if you’re super small time, the EU is going to go after your payment processing? Of course anything is possible. It seems highly unlikely though.

Then his/her last point is that they’ll give you a chance to correct things.

Your post doesn’t seem to cover that either.

[bigbugbag]

The way it's been done in the past, it usually starts by notifying you and giving you reasonable time (a month) to fix things then move up to sanctions.

But this is not a given every time and not everyone goes the nice route, some go directly to court. So when you are a small fish, you are better off doing your best to follow the GDPR in the first place than scrambling to avoid sanction in a limited time later. it is not that complicated to not collect data you don't need, ask before collecting it and informing about what you do with it.

[dpark]

> it is not that complicated to not collect data you don't need, ask before collecting it and informing about what you do with it.

This is not all the GDPR requires. You’re just describing traditional Privacy Policy.

[infinitismal8]

They will go after you the moment you become bigger and if you are person running a business one of your hopes is that you won't remain small time forever