Little known fact: GDPR replaced the Data Protection Directive (95/46/EC) from 1995, which itself replaced the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data, written in 1981. Now if you compare these three, there are enough details to get an undergrad's degree in law, but on the high level the tenor did not change much. Those who were struggling in 2018 to meet GDPR criteria before the grace period of two years ended were most likely not struggling with details, but in blatant violation of almost 40-year-old rules. Well, one of the details probably mattered: the fines went up considerably.
> Those who were struggling in 2018 to meet GDPR criteria before the grace period of two years ended were most likely not struggling with details, but in blatant violation of almost 40-year-old rules.
At least in Germany at the time of GDPR, the startups (and also bigger companies) were struggling with the insane amount of compliance requirements, and the uncertainty about how to actually interpret these legal requirements, also in terms of federal law.
In other words: these (German) companies (and startups) clearly obeyed the spirit of these, as you say, 40-year-old laws, but struggled hard with the formal red-tape requirements of GDPR.
I was thinking more about regulations around taxis, short-term rentals, etc., for example.
As an aside, GDPR enforcement is so lacking (even today) it doesn't register on anyone's radar beyond those that fear-monger about it or sell snake oil to pseudo-comply with it. But even then, keep in mind most of what the GDPR has was already part of many countries' own legislation, and things like spyware were illegal even in the US (but again laws don't apply if you are a company and have enough capital).
While I wouldn't disagree with your sentiment, just keep in mind that the General Data Protection Regulation (GDPR) got implemented in 2018.