It isnt. Being GDPR ready is not that hard. It just takes time and resources, but following the law always takes that. And leave it to businesses to complain about anything and everything.
>It just takes time and resources, but following the law always takes that.
Right, and that's why laws should be worded to minimize the time and resources required to comply with them. Laws like GDPR and Article 13 are like a nominal tax on every business. It's easy for Google and Facebook to throw a few million dollars and a few thousand engineer-hours to take care of compliance with this stuff. It's much more difficult for a 10-person startup with a fixed runway.
Saying "It just takes time and resources to deal with that," is a vacuous statement. It takes time and resources to deal with anything, no matter how large or small. The key factor is how much time? How many resources? And finally, how do the time and resource requirements compare to the time and resources you have on hand?