
Regulation is a moat. It costs money to build systems that comply.

Building compliance is not building for your customers' direct asks and requirements. Especially software that does not originate in the EU. How many startups are building data export to comply with data export regulations?

I spent nearly a year plumbing through complex microservices to satisfy GDPR at my last company. We collected an enormous amount of PII and KYC data from payments processing, and there were so many downstream services impacted. And I was just one engineer from amongst dozens of impacted teams that had to deal with it.

Regulatory compliance is not free.

Regulatory compliance is frictionful.

I'm not saying regulation is bad, but that it is a cost of doing business and a tax on engineering. Especially for startups looking to go toe to toe with bigger incumbents that have already paid for compliance and that can afford to pay fees to ignore compliance to go fast.






If it took "nearly a year" to satisfy GDPR, then your company's practices were, frankly, irresponsible (and perhaps still are), and it's a good thing you were forced to do that work. (Either that, or you misunderstood the legislation, and wasted thousands of hours when you could've just spent 3 hours reading it.)

GDPR-compliance in a greenfield project is cheaper than dirt, up until someone makes a GDPR request, at which point it's slightly more expensive than dirt because you had to take 15 minutes out of your day to satisfy the request. By your third or fourth GDPR request, it's perhaps worth taking time to implement an automated flow, but having that many customers is a lovely problem to have!



