Of course, there are tons and tons of legalese, edge cases, interpretations, etc. But if you abide by and implement these basic principles, especially as a small company, you can be quite confident you won't run into any real problems.
If you kind of cared about your customer data in the first place as part of your company culture, it's not that hard to adapt. Maybe some really careless companies had a hard time. There must have been some Kafkaesque situations killing small companies, no doubt, but honestly I haven't heard of them. I only hear Americans complain about it.
To me, this means the law is just right.
If you work in a B2C publicly accessible sector, I can assure you - you store more PII than you'd like to believe.