[hdkrgr]

This has been exactly my experience. As a data scientist (not a lawyer!) I had to ensure that some of our existing data processing pipelines complied with GDPR (and make sure we could comply with its reporting requirements.)

I found the Articles well-structured, easily understandable, and overall plainly reasonable. In my experience, those who complained about the 'bureaucratic overhead' of making their pipeline compliant were those who were in charge of processes that clearly violated the spirit of the law, trying to press them into the letter of the law somehow.