[Klathmon]

But again, this isn't the core aspect of your business. You might do this for the cleaning products, but will you do the same diligence for the lightbulbs you use? The paint on your walls? The apps on the phones of your employees?

That's a LOT to ask.

I shut down a side project that stored some cookies on the browser for some small settings, and allowed users to upload images of stuff they made in the browser to imgur if they wanted. After looking at the GDPR, I decided to shut it off. I don't have the time or ability to properly vet all of the possible places a users information could end up (user's information in this case is possibly an IP address which the hosting provider might have, but i don't know or have a way of knowing, and the image that they created in the browser which can optionally go to imgur), and the project made me a total of $11 of profit, and from a lawyer I talked to at my main employer, just blocking EU users isn't enough.

[simion314]

I agree that is a lot of extra work if you want to delegate part of your work to a third party, but in present you don't send credit cards info, secret api keys to any third party, so it is fair to try protect the other kind of data(not only credit card or medical data)

What I hope is that this third party services will advertise the fact they respect GDPR or put documentation on how to properly use this APIs and respect GDPR.

As a user when I get the GDPR prompt that has only the Accept button I just close that page or if I really want to see the content I use a private window, accept the popup .

If i would build my own product SPA I would avoid the third parties crap, if I can't because I really need the third party I would make sure to read the TOS since at my work I seen how much it sucks getting screwed by a third party.