zlacker

Exactly that. Working as a data analyst for my agency's clients I had more work in making sure my clients do not panic after having other consultants claiming, that the world will end and what not.

It is possible to comply with GDPR in most cases with not too much of an effort (I know some processual stuff is just boring and ugly, but doable).

It is possible to not have a cookie wall of horror, if you "just" want to do tracking (analytics) or first party onsite marketing.

It will get more complicated with personalized recommendations, profiling and stuff. I have to admit this - especially with third party vendors and such - will be a little bit more fun/challenging.