> Those who were struggling in 2018 to meet GDPR criteria before the grace period of two years ended were most likely not struggling with details, but in blatant violation of almost 40 year old rules.
At least in Germany at the time of GDPR, the startups (and also bigger companies) were struggling with the insane amount of compliance requirements, and the uncertainty how to actually interpret these legal requirements also in terms of federal law.
In other words: these (German) companies (and startups) clearly obeyed the spirit of these, as you say, 40 year old laws, but struggled hard with the formal red-tape requirements of GDPR.
At least in Germany at the time of GDPR, the startups (and also bigger companies) were struggling with the insane amount of compliance requirements, and the uncertainty how to actually interpret these legal requirements also in terms of federal law.
In other words: these (German) companies (and startups) clearly obeyed the spirit of these, as you say, 40 year old laws, but struggled hard with the formal red-tape requirements of GDPR.