I'm an attorney and I've gotten lots of small business owners asking me about GDPR compliance. It's simple in theory -- just disclose your policies, let people delete their data, etc. The mechanics of compliance aren't really the issue. It's concern about enforcement and the uncertainty of it. After I explain jurisdictional issues and the fact that enforcement of GDPR against a purely US-based company is completely untested (and probably not even possible), most just reply "fuck it, we'll just not sell to anyone in Europe."

I agree with the basic concept of GDPR, but the uncertainty around it, the seemingly unclear nature of what exactly it means, and the fact that it will be enforced by each individual EU member potentially differently, all adds up. It's just not worth it.

This just adds to the pile, in a BIG way