> For a startup or small company, the cost is prohibitively high.
Nonsense. I look at another high tech data driven start-up every week and not a single one has stated that the GDPR costs are 'prohibitively high'. Sure, there are some that need to do more work than others (medical, ad tech). But on the whole companies that were already doing their best to not fuck up with their customers data have very little to do in order to get to where they should be and the remainder has a bit more work but will mostly likely be more-or-less compliant by the 25th and what work remains will be done long before the eye of Sauron will turn their way by virtue of their size.
The cost is strongly related to the size of the organization and the amount of sensitive data you hold as well as whether or not you were a bad steward of the data in the past.
I'd go as far as saying that if you responsibly handled data before GDPR, what you have to do to be GDPR compliant is document the process and make it possible to delete data upon request.
Nonsense. I look at another high tech data driven start-up every week and not a single one has stated that the GDPR costs are 'prohibitively high'. Sure, there are some that need to do more work than others (medical, ad tech). But on the whole companies that were already doing their best to not fuck up with their customers data have very little to do in order to get to where they should be and the remainder has a bit more work but will mostly likely be more-or-less compliant by the 25th and what work remains will be done long before the eye of Sauron will turn their way by virtue of their size.
The cost is strongly related to the size of the organization and the amount of sensitive data you hold as well as whether or not you were a bad steward of the data in the past.