They aren't slow and expensive - they specifically limit the amount of separation you need to do if you're a small business.
If you deal with, or store, information about users, why shouldn't you be held to reasonable standards for protecting that data? Why should you be allowed to keep that data for however long you want to?
Businesses used to run without stalking people. Just because it's become the norm doesn't mean that it is required, or even just ethical.
The GDPR does not put any strain on us - I'd love some more detail on what you believe these "slow and expensive process burdens" are?
All the GDPR does is hold companies to follow a reasonable standard about PII and consent. We only need something like the GDPR in the first place because so many companies hoover up PII and tracking information without consent, using and selling it as they want, and not even taking sane measures to secure it.
If you want to capture and process PII, you should legally have to first gain consent, and you should have to take care to secure it. If you can't comply with that, you're not responsible enough to hold such information.
I’m talking about a data protection officer bottleneck, keeping records of all processing, impact assessments, and waiting on prior consultation with government. Those are all ongoing costs and schedule risks that hurt even teams that have always complied. “Don’t track people” won’t save you from these.
This particular thread was about small businesses, and the things you have listed exist only in large businesses. I would also add that they also existed before the GDPR.
There’s an exemption for “a natural person in the course of a purely personal or household activity” but I haven’t seen any size cutoffs below which an organization can ignore GDPR process friction. 20M EUR fines are explicitly allowed no matter how low your revenue is.