The UK's ICO also has a good structured summary: https://ico.org.uk/for-organisations/guide-to-the-general-da...
In general I agree with the sentiments in this article. I've probably spent a total of three to four days reading around the GDPR and I don't really see what's special about this law other than it's imposing decent standards on what was in effect a wildly unregulated industry in people's personal data. If you have a broad distrust of any government activity then I suppose any new laws with "fines up to €X" might feel like "I run a small site on a Digital Ocean droplet and I'm at risk of a €2m fine out of the blue." But that doesn't make it true.
Come on, this is just scaremongering. Newsflash: If you run a business, you are already responsible for adhering to hundreds of other laws in which the fines could reach millions. But you don't see people running around screaming that the world is ending, because they know that the laws will generally be applied fairly, given that a large economy (like that of the EU) relies on just application of laws to maintain stability.
Running a business, like anything else in life, requires the ability to make reasoned choices from somewhat ambiguous data. And the data here is somewhat ambiguous for good reason - it's to prevent businesses from exploiting loopholes and rendering the law ineffective. If you are going to crank the anxiety to 10 every time a situation like this occurs, you probably shouldn't be running a business or handling others' data in the first place.
Sure, they will probably don't give that fines, but they could, what if I run a small business that interferes with the activity of some other business run by for example someone that is friend or can corrupt the people in charge of doing the fines ? They will fine me for 20 million dollars, sure I can appeal, a normal trial in my country lasts at least 5 years, in this time I will probably go out of business...
The fact that they could it's a big problem, they should have specified a proportion between the size of your company and the maximum allowed fine.
But as I already said, the stability of the EU’s economy depends on fair application of the law. If the EU levies a 20 million Euro fine on a company with 20 million/year in revenue, the chilling effects of that action would cause much more than 20 million in damage to the EU economy. That should be blatantly obvious. Despite propaganda to the contrary, the EU has a very good record of behaving as a reasonable government entity, moreso than most. They’ve championed quite a few consumer-friendly pieces of legislation that have managed to not destroy the applicable sectors.
If you think this is a valid concern, I can only assume you’re just as worried about other outcomes that have insane, struck-by-lightning levels of unlikelihood, in which case you are not going to have the spare cycles to be able to successfully run a business anyway.