| +1 to all of this. As someone who's been running small tech businesses in the UK for a while, I think it's also fair to say that the GDPR was unusually onerous even for government regulations. Over the past decade or more, only the VAT mess was comparable for anything coming out of the EU that I've been involved with. The similarities in those two cases are striking. Each was meant to address a legitimate and well-established problem with how big businesses operate. Each also caused disproportionate expense and hassle for small businesses, even if those businesses weren't the intended targets and what they were doing was basically OK before. Each had significant ambiguities that were either open to interpretation or missing key details, and so probably needed expert advice on compliance in many cases. Each required businesses to change their record-keeping, documentation and processes for compliance, even if the substance afterwards was still much the same as before in each case. Also, in each case enforcement seems unlikely for smaller businesses, so those who either didn't know about the new rules or wilfully ignored them gained an advantage over their competitors who were making a good faith effort to comply. I don't like good people being penalised just for trying to run their businesses legally and responsibly. |