> Can we just flat out assume the GDPR won't indeed be abused to scare away smaller players though?
The language of the GDPR makes frequent references to the scope of the processing activity and to its frequency. The law purposefully applies less to smaller controllers. The authorities have made their job harder for going after smaller controllers.
Moreover, the GDPR is done in the scope of the EU, which is not very litigious. Bigger players are unable to bring legal claims against smaller players in any way. The only way for them to game this system would be to fraudulently lodge complaints at the data protection authorities who would have to not notice what is going on and actually bring action against the smaller players.
The language of the GDPR makes frequent references to the scope of the processing activity and to its frequency. The law purposefully applies less to smaller controllers. The authorities have made their job harder for going after smaller controllers.
Moreover, the GDPR is done in the scope of the EU, which is not very litigious. Bigger players are unable to bring legal claims against smaller players in any way. The only way for them to game this system would be to fraudulently lodge complaints at the data protection authorities who would have to not notice what is going on and actually bring action against the smaller players.