An email-address to send requests to and someone setting up a process for those requests along with a definition of which data to be returned to the user, all that isn't hard to implement. GDPR has caused some panic that's unnecessary.
The violations won't be fined with 4%/€20m (€ not $) right away, there's more steps before that, starting with "a warning in writing in cases of first and non-intentional noncompliance"
Maybe some companies have overreacted, but dismissing them feels a bit like blaming the user for bad UX.
Couldn't you argue that a law that causes a panicked overreaction was a poorly written law in at least one respect, given that laws have a communicative function?
Especially if all these complaints were raised well in advance of the passage of the law, so that the drafters had plenty of warning that several groups were struggling to understand the text?
The violations won't be fined with 4%/€20m (€ not $) right away, there's more steps before that, starting with "a warning in writing in cases of first and non-intentional noncompliance"