This is a terrible line of reasoning. GDPR came AFTER the expense software, so blaming the company for not forwardly thinking about a non-existent regulation is ridiculous.
You had two years. Plenty of time to figure this out.
Also: is this your line of reasoning? It’s really weak. To take it to extremes: “we’re still using asbestos and lead pipes because the legislation was nonexistent when we started using them”.