Having to spend some effort to make sure you are in compliance with a huge new piece of regulation is expected and I understand that people complain about having to do it. However, after the initial bring-up pains any business which continues to have a problem with the GPDR most likely has a business model directly in conflict with the spirit of the law.
Say I use a DDoS prevention service (like cloudflare). They get my user data, and also have to be under scope of GDPR as well. And since IP isn't indicative of EU citizenship status, a company had better apply GDPR to everything rather than just a subset.
In the end, this law makes a "We respect the privacy of your data" subset of providers, and provides a great way for us users to identify bad actors (Google, FB, Amazon, etc).
And that's what Cloudflare chose to do. We are treating all customers the same regardless of location.
"Of the companies I spoke with for this story, both Cloudflare and Mozilla will be GDPR compliant no matter where their customers are located." https://www.fastcodesign.com/90171699/what-is-gdpr-and-why-s...
If that's your personal belief then obviously you're entitled to your opinion, but have you seen any actual evidence that that is the case?
However, after the initial bring-up pains any business which continues to have a problem with the GPDR most likely has a business model directly in conflict with the spirit of the law.
Perhaps, but as you say, what we know now is that there are some initial compliance costs for everyone. If nothing else, we all have to understand the new regulations and our obligations under them, and we will now have to allow for additional subject rights and stronger and more specific documentation and notification obligations, which generally apply retrospectively as well.
I admit that part of my concern here is not specific to the GDPR, but rather to the general practice of creating ever more rules governing businesses. Every time some new regulation comes along, the costs of running a business go up. Not only does that impose some level of overhead on established businesses, it also has a chilling effect on new businesses starting up, and on paths to growth like starting a side business that can expand to something full time and later to take on additional employees. If a new regulation is necessary to achieve some positive effect, then those overheads might be justified as well, but I remain to be convinced that this is the case for most of the new rules and regulations that have come in over the decade or so that I've been doing this now. The GDPR is just the latest example of something perhaps well-intentioned but poorly implemented.
The GDPR is becoming a "I'm doing the right thing" checkbox. At least with the European rule, we data-drained Americans can rely that these services might cost more, but we retain our rights.
Lack of will have to be scrutinized. Smaller places may make the determination based upon reasonable answers, or be malicious. Facebook/Google/Etc wouldn't exist in their current forms if there was strong privacy rules in place.
I can't speak for that other person but I've seen lots of evidence to that effect. I look at ~40 companies / year at the moment and a large percentage of those has issues. Usually not because of malice, mostly because of lack of resources or unfamiliarity with regulations.