It also works for performance, reliability, UX quality, etc. What GDPR does is force businesses to make privacy their core concern. Since time & budgets are inherently limited, this will come at the expense of something else.
> What GDPR does is force businesses to make privacy their core concern.
Not really. It will mostly be a problem for companies which use a lot of SaaS services with no on-premise solution and companies in the business of selling their users' data. Not gonna shed a lot of tears for those.
In the same way that AWS wasn't originally certified for government work, and then developed GovCloud: they realized there was a lot of money in it.
If supporting GDPR is a requirement for having European B2B customers, SaaS providers are going to start certifying against and architecting around that.
Actually what it did for me was allow me to ignore the EU entirely. This makes my implementation more simple since I don’t have to focus on the GDPR and can ignore the localization crap from having 2 versions of English.
Careful, the EU is a big market. If you exclude the EU, and get big enough, someone can just copy your business, but abide by EU law. Suddenly you have a competitor who has access to a large market that you don't have access to.