Well, that is indeed a point of view. I guess that, seeing as GDPR will be enforced by ICO, the same people who were supposed to enforce the cookie law, you could argue that the noise around it at this time is the same sort of hokum.

However, GDPR is proper serious legislation and is based largely on best practice for IT security and common sense about who should have personal data, unlike the Cookie Law, which was just ridiculous garbage.

As I see it, GDPR was designed to be a tool to beat the likes of Facebook, Google and Microsoft, who store unprecedented amounts of personal data on us all as soon as we sign up for any of their services. That’s why the fines and penalties are so gargantuan: it was a monster-fighting tool. Of course, it’s extremely unlikely that ICO will get anywhere near the monsters. They would be wrapped up for years in court if they did decide to prosecute.

So I guess we should look at who is next on the hit list and see if they should be worried. Larger companies that store personal data for marketing purposes must be the next likely target for the legislation. Signing up for a mailing list when you sign in to Wetherspoons wifi means they have your personal data, for instance. These companies need to make damn sure they have the right rules and procedures in place for storing data and that the software they use complies.

Most businesses don’t really need to do anything apart from use best practice for IT security. They don’t need to buy anything; they just need to make sure they understand the legislation and that they are working towards compliance by 25th May. Those that use email mailing lists might be best advised to give that a review, but if they have a pretty clean list already and use an ethical provider like Mailchimp, they don’t really need to worry too much. The important thing is to be informed: read stuff, take an online course if you want.

Like the Cookie Law, some of the detail will start to come out with the wash, and what you actually need to do will become more apparent as businesses take clear positions on their data capture and storage. Don’t just ignore it though; it’s not trivial. Just make sure you understand what it means for you and your business.