GDPR is TOTALLY different. If you can't run a business under GDPR legislation then what you're doing is almost certainly unethical or at worst mismanaged and irresponsible with customer data.
On the other hand this legislation will completely change the internet as we know it.
I don't believe that. If a compagny has no idea where does their data goes and what their use is, they have shitty practices and / or are incompetent. Good riddance
All you need is a privacy policy and the ability to delete / return customer data when requested. But that doesn't have to be in real time/automated, you can just set up an email address and respond manually. It's rare you'll even get a request if you're a company with such a small IT budget.
All the other things (double opt-in email, not contacting your customers in an unsolicited way) are process changes that can be implemented without IT cost.
Good riddance then. Not gonna cry for them like I'm not gonna cry for a restaurant that gets shut down because complying with health standards is too expensive.
maybe - but the philosophy behind it is similar. The EU lawmakers just cannot stand to the existence of unregulated area. Everything gotta be under their control. Unfortunately, once you support pro-strict regulations, then there is no going back. One day, I believe, the internet as we know today won't exist in the EU.
Bureaucracy, compliance cost, uncertainty of enforcement... The category doesn't need to be the same, just the pile upon pile of anti-(small)business regulation.
You say "anti-business", I say "consumer rights" (and more importantly "human rights").
As a small business you can comply with the GDPR fairly easily unless you have no regard for anyone's privacy to begin with. And even if you're not 100% compliant you won't be insta-sued to bankruptcy, you'll only be reported and the relevant data protection agency will check on you. The GDPR encourages data protection agencies to help businesses fix their problems and only use fines as a last resort for gross violations and wilful negligence.
Unless you're storing/processing information that has special protections (e.g. religion, sexual orientation, medical data) the bureaucracy is also fairly tame, especially for small businesses, especially for businesses that aren't at their core based on processing personal information (e.g. not online dating startups).
Compare this with the "upload filter" as it has been interpreted in the media so far: allegedly every website that allows users to upload content would have to implement their own Content ID database and sign deals with publishing companies or license filtering services.
It's a bit ironic, since the very first thing I see when I visit the link is a giant banner to consent to being tracked, or visit each and every third-party advertiser's opt-out site from the giant list of advertisers present on Vox's platform. Said list carries the explicit note "We provide the table below as a courtesy, but we are not obligated to maintain or update it. We are not responsible for third-party sites and their privacy practices as it relates to opt-outs from tracking activities."
On the other hand this legislation will completely change the internet as we know it.