You've posted dozens of comments in GDPR flamewars. This sort of high-quantity, low-quality controversy quickly gets extremely repetitive and thus is off topic in addition to breaking the site guidelines (https://news.ycombinator.com/newsguidelines.html).
Since that's all this account has done and we don't allow single-purpose accounts here, I've banned it. Please don't create accounts to do this with.
a) They are doing the thing we have collectively decided is bad for society (misusing personal data)
b) Do nothing about this when somebody invokes one of their new legal rights, whether that be to retrieve the data you have on them or remove the data you no longer have a grounds under any of the six legal basises to store (which includes 'consent', which can be revoked, as well as five other bases which cannot be revoked but have more limited scope with what you can do with the data)
c) Be reported for this
d) Refuse to work with the compliance group
At this point, judging by how the EU has historically used fines as an enforcement mechanism, you're looking at a small fine designed as a wakeup call. The 20 million EUR figure (or % of revenue) is a _cap_, not a floor, and the EU has never gone for maximum fines except when it is obviously required to enforce compliance.
Since that's all this account has done and we don't allow single-purpose accounts here, I've banned it. Please don't create accounts to do this with.