My commitment is that maximalism or strict binary assumptions won’t work on either end and don’t satisfy what anyone truly wants or needs.
What’s truly lovely about GDPR is that it is maximalist, strict, and binary. For any “but…” of a corporation the GDPR answer is “fucks given: 0, this is YOUR problem, comply or perish.”
Which makes it so baffling every time a techbro fails to understand it or claims “GDPR doesn’t apply to me.” Just don’t fuck around with PII and don’t collect any without explicit permission from the user! How is this difficult?!