How about you try answering this question I posed to you
What is your point here? What is your point when you say that the EU is not litigious? Are you saying that I shouldn't expect to receive a fine for violating GDPR? Are you saying that I should just ignore GDPR data access requests if I am operating in a supposedly ethical manner and I am not selling user information?
I didn't see any question in there. My answer though is: respond to the request (which shouldn't be as hard as some are making out), but don't worry about fines unless you've been misusing the data or repeatedly ignoring warnings.
That's not how laws work. Someone has to prove they are innocent if another person claims they aren't to regulators. There is a cost to that. There is no way the law can know perfectly who is 'misusing data' beforehand.
You've posted dozens of comments in GDPR flamewars. This sort of high-quantity, low-quality controversy quickly gets extremely repetitive and thus is off topic in addition to breaking the site guidelines (https://news.ycombinator.com/newsguidelines.html).
Since that's all this account has done and we don't allow single-purpose accounts here, I've banned it. Please don't create accounts to do this with.
a) They are doing the thing we have collectively decided is bad for society (misusing personal data)
b) Do nothing about this when somebody invokes one of their new legal rights, whether that be to retrieve the data you have on them or remove the data you no longer have a grounds under any of the six legal basises to store (which includes 'consent', which can be revoked, as well as five other bases which cannot be revoked but have more limited scope with what you can do with the data)
c) Be reported for this
d) Refuse to work with the compliance group
At this point, judging by how the EU has historically used fines as an enforcement mechanism, you're looking at a small fine designed as a wakeup call. The 20 million EUR figure (or % of revenue) is a _cap_, not a floor, and the EU has never gone for maximum fines except when it is obviously required to enforce compliance.
What is your point here? What is your point when you say that the EU is not litigious? Are you saying that I shouldn't expect to receive a fine for violating GDPR? Are you saying that I should just ignore GDPR data access requests if I am operating in a supposedly ethical manner and I am not selling user information?