[NeedMoreTea]

Not what I would call a kneecapping, or even a burden.

Compliance cost at the place I work in the UK was negligible. We have personal data on every customer, had to make some one time code changes, and ongoing costs are essentially zero. Frankly, compliance was trivial and little different to Data Protection - which was also trivial to comply with.

If you're data mining everyone to death and selling it off to multiple unnamed third parties, compliance may well be more challenging. Hardly surprising as that's one of the things it's trying to constrain.