As with many laws people think its what is sold as.
There are a lot of good ideas in the GDPR, but once you start looking into implementation it gets a lot more complex.
Its not just business. A community organisation (like my local amateur theatre, or a sports club, or a parish church etc.) is subject to pretty complex rules. Often things run by volunteers that keep very little data. Here is the guidance for UK GDPR (which is still pretty much identical to the EU version) compliance for small organisations:
Read it all, and tell me its simple for an organisation with a limited budget, or for someone without either a technical or legal background to understand.
There are a lot of good ideas in the GDPR, but once you start looking into implementation it gets a lot more complex.
Its not just business. A community organisation (like my local amateur theatre, or a sports club, or a parish church etc.) is subject to pretty complex rules. Often things run by volunteers that keep very little data. Here is the guidance for UK GDPR (which is still pretty much identical to the EU version) compliance for small organisations:
https://ico.org.uk/for-organisations/advice-for-small-organi...
Read it all, and tell me its simple for an organisation with a limited budget, or for someone without either a technical or legal background to understand.