You don't need all of that stuff if your business respects people's privacy by design.
It's like complaining that the GDPR is causing cookie banners on every site. That's only half the reason. The real reason is that the websites need one's opt-in to do something they shouldn't be doing. Obviously the law should have been crafted with an automatic system to reject all non-necessary cookies in mind, but the fault for the cookie banners still lies with the website.
If your system has the notion of users at all, then most of that red tape is unavoidable, no matter how privacy-respecting you are being.
Either a solid and affordable PaaS solution or at the very least a single global international standard is sorely needed here. The current model is barely sustainable as it is, and it's getting worse, even for privacy-respecting endeavors.
It's like complaining that the GDPR is causing cookie banners on every site. That's only half the reason. The real reason is that the websites need one's opt-in to do something they shouldn't be doing. Obviously the law should have been crafted with an automatic system to reject all non-necessary cookies in mind, but the fault for the cookie banners still lies with the website.