I'm not going to disagree with that and I'm not opposed to the privacy controls in GDPR. The context here in a solo dev who is dealing with GDPR. When you're trying to get a business off the ground, iterating fast and trying to build a business that can survive to day 2, every single bit of busy work should be avoided. Why reduce your chances of success by chasing a market that takes more work than other markets? The global market without Europe is big enough to support any startup; so long as you build something people want.
> Why reduce your chances of success by chasing a market that takes more work than other markets
That is the same excuse which was - and in IoT-land still is - used to delay thinking about security because it could be bolted on later. The answer to this question is "because if your business ends up successful you will eventually have to implement this functionality so you have to make sure your architecture allows for it". If your "fast iterations" lead to personally identifiable information being scattered all over your system in such a way that removing this for any given user is an onerous task you made the same mistake as those developers of yore - and of now in IoT-land - who assumed everyone who had a 'net connection could be trusted. That was a costly mistake for which we're still paying off the debt.
