GDPR could become the next EUVAT stink
GDPR affects every single business, small trader, voluntary organisation, sports club whether you have electronic records or manual records, or whether you are in IT, or just run something as simple as a hairdressers.
Maintain a list of members, or customers, or suppliers, use email and you're pretty much certain to need GDPR compliance. Unlike the DPA where you just had to fill a form in and pay a fee, under GDPR you have to demonstrate you are compliant - documents, policies, training, supplier contracts (eg gmail) and potentially audits - the whole bureaucratic shebang.
That means every single organisation in the UK has to audit and document its data, data policies and have mechanisms for consent management and security in place. If it costs a minimum of 2 days consulting time or equivalent at £400 per day - for the UK's 5.5m+ businesses, that's an implementation cost of at least £4bn. Once it gets better known among haulage companies, and taxi-drivers and the folk who run the football clubs I can see there being the most humongous stink about GDPR - it is a classic bureaucrat's solution with much too much 'you must' instead just leaving it at 'you must not'.
Biting the hand that feeds IT
