To be fair there is more than a few vague items in the regulation that make it difficult to implement for some businesses. For example it's unclear how disaster recovery can effectively be used to restore systems without breaking the law or how long logs can be archived without violating "without undue delay".
Even today as the law goes into effect, it's still unclear how processors outside the EEA are supposed to act. A client and their team of lawyers has been trying hash that out for a couple months now.
Yeah, some issues are really practical, I guess we'll know when the first lawsuits will start :(
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.