Wait a minute… You provide a service, and your users are afraid the GDPR could come to them?!?

Please tell me I've read something wrong. Otherwise, this is just panic induced stupidity. I expect they will grow out of it (though maybe not before you go bankrupt, which obviously sucks big time).

> The VP and director love my product and want to start using it right away for their department. But their legal team is scared shitless with 4% fines in GDPR. (snip) That's their interpretation of GDPR. It doesn't matter whether it's right or wrong. This is the side-effect of GDPR.

I understand it's frustrating on your side, because you have no control over the response of your customers. But understanding what GDPR is (and not falling for FUD) is why the VPs and Directors get paid the big bucks and get the fancy titles. If they can't or won't work with legal to become compliant, they should resign and let someone else do the job properly.

I'm not saying, "oh it's easy" -- it's not easy. But that doesn't make the law wrong either. And it's not OK to blame GDPR as being "bad", when those rules are mostly just putting some real enforcement around stuff all moral and ethical organizations should have already been doing anyway.

> This is the side-effect of GDPR.

And the GDPR is the side-effect of people running hog-wild with PII etc. I feel for you but I see your situation as collateral damage of the privacy crisis.

The loudest GDPR advocates don’t care about you. 90 years ago they would have been the ones helping collectivize the farms, unintended consequences be damned.

And this law’s effects are all about the unintended consequences. Anyone thinking government regulators are reasonable and benevolent has never dealt with said regulators beyond any trivial level. To make it more fun each member country handles enforcement, so now you have a risk of 28 different interpretations of the law. It’s madness. Even if you do everything right there is still a compliance risk. It’s like HIPAA in the US — HIPAA is pretty “easy” to comply with, but the consequences are so severe that it necessarily drives up operational costs significantly. Unless Europe is a significant part of your revenue, better to block Europe and decrease your risk to near zero rather than have a potential risk of catastrophic, company-ending fines. Because the fine isn’t against profit, it’s against total, worldwide revenue. So unless your European profit exceeds 5% of your worldwide revenue, no sane person would take that risk. Even without the enforcement risk, you still have to deal with potentially hundreds or thousands of information requests — even if you are doing everything by the book.