The GDPR is very expensive. Every data processing activity needs to be auditable, every customer relationship needs a data processing agreement (and each new custom one needs to be reviewed by legal), we now pay fees to all sorts of data protection authorities. On top of that, it forced us into a new, more expensive insurance policy.
What fees? In the UK you have to register with the authority (as UK companies did before) and that fee had a max of £2900 per year for companies with a turnover greater than £36million or more than 250 members of staff
Orgs under that limit pay £35 - £60 depending on size. Non profits pay zero, companies who only process data for things like staff admin pay zero, there are other exclusions