The regulatory agencies don't start with litigation. If you are unintentionally out of line they will contact you to fix it first, and if you do so in good faith that will be the end of it.
How do they find your are in compliance or not, through what methods? Anonymous complaint? Random audit? What if you decide you are in compliance and what they deem unallowable is critical to your business?
I know what bigcorp's strategy is! Outsource data collection to a 'marketing analytics' firm that specializes in 'GDPR compliance'. Sounds like a new boutique consulting industry.
Similar situations exist for small businesses in the US already, we call them the "IRS" While you might argue that if you don't cheat on your taxes you have nothing to fear, the IRS might decide you took some deductions you shouldn't have, pay up or litigate. If you successfully defend? Oopsies, we might audit you again for the same thing next year (happened to a friend of mine)!
I know what bigcorp's strategy is! Outsource data collection to a 'marketing analytics' firm that specializes in 'GDPR compliance'. Sounds like a new boutique consulting industry.
Similar situations exist for small businesses in the US already, we call them the "IRS" While you might argue that if you don't cheat on your taxes you have nothing to fear, the IRS might decide you took some deductions you shouldn't have, pay up or litigate. If you successfully defend? Oopsies, we might audit you again for the same thing next year (happened to a friend of mine)!