But surely it's applicable to every business. If you hold data on a person then you must comply. Every website that uses user profiles (El Reg - are you compliant?) anyone that takes payment in any form other than cash. If you hold my data then I will be able to ask for ALL of the details you have on me and be able to ask for you to delete them, ALL of them, including from backups (if I understand it correctly).
There are going to be some very, very rich lawyers and a lot of businesses going to the wall. Sadly, it'll mostly be small companies that go under. The monliths with get through it all I'm sure (more's the pity).
On the plus side there will be more work for anyone currently involved in the PPI stuff as that fizzles out and a whole new raft of GDPR IT professionals.
