Good riddance, you will not be missed.
"Abusing your data is vital for our business model and we will stop our operations before you have the right to request information how we use your data"
“My company is small and so can’t afford to manage our customers data properly” doesn’t hold water with me.
If this causes cull of a part of the current crop of companies and have them replaced with companies that are able to meet requirements them so be it.
Write a set of scripts to pull user-related lines out of your database(s), write another script to sanitize the output, write another script to delete the lines from script #1 and act as the big red delete button.
This is giving large corporations more power? Seriously?
I'm going to avoid making a statement about GDPR as a whole or about the OP, but I will say that I don't think large companies having an advantage at this phase is "bullshit."
One specific aspect of GDPR seems a good example of this. Third party data processors. If you use various third party products that provide tracking, testing, or other shims, you're responsible for ensuring export and delete of any PII associated data that flowed to those channels as well. Now, you can say the response is "if your partner doesn't have responsive channels, you have to pull the data" to make onesself compliant, but BigCos have the implicit advantage of being able to push the other direction, and get systems/functionality built into the third party product to allow them to be supported easier.
The amount of face to face time, support, and "deep touch" I can get with third party companies when compared to prior smaller corps is very apparent to me, and I'd be lying if I said it didn't make my task of ensuring GDPR compliance easier. Whether that translates to "more power", I don't know. But it's certainly an enabler.
I think this is the real issue. Some large percentage of the current crop of startups don't actually have a business model other than "get as much data as possible and sell it to the lowest bidder".
GDPR is adding a substantial implementation tax to that model and what we're seeing is the reset for companies who can't survive.
"Oh we are bad and abuse our power"
Oh you want more regulations? Whoopsi.
Only huge corp's can finance that? Oh well.
* The legal tracked information includes IP addresses, which means all logs must be able to selectively expunge IP address info.
* You can no longer have soft-deletes as a safety mechanism to maintain referential integrity if your data is (as is common) related to a user/account as you are responsible for being able to expunge that data.
* There are no exemptions for first time visitors, which means you can't just put up a no-EU unwelcome mat and serve up any third party tracking.
* The penalties are pretty draconian for a small business.
* It looks like retargeting businesses might be in trouble? Maybe?
