[jacobsenscott]

This terrible, but building a business based on third party api's is always a tremendous risk. This isn't the first time a bunch of small apps have been killed off by some company making their api's inaccessible.

Also, for people who are pushing for more government regulation of service providers - this is the lite version of what you are asking for.

[jonbronson]

> this is the lite version of what you are asking for

I'd say this is the heavy version. A new startup can put together and run a GDPR compliant web app for over a year for far less than $15,000.

[tick_tock_tick]

As long as no requests that you delete their data or provide them with a copy. As soon as that starts happening $15k doesn't go very far in man hours to comply.

[vertex-four]

Just because you’re terrible at documenting where you put users’ information doesn’t mean everyone is.

[icebraining]

From personal experience, yes, it really does. Why do you think otherwise?

[jacobsenscott]

It seems easy because you don't need to prove it. You can do your best and then launch it.

But you can't prove it for under $15k and if you are successful eventually you'll need to prove it.

Anyway, I'm not talking about the GDPR. That's just bureaucrats testing the water. The US congress is starting to look for ways to get their cut as well.

It will get to the point where you need to prove compliance with multiple conflicting regulations first, before launching. Now you need to spend $100,000 on auditors before your first push to heroku.

Most people in software, especially startups, have never had any contact with a regulated industry and don't know what they are in for.