Well maybe the companies should make it easy to extracts and delete people's data?

SV is full of people telling themselves how smart they are, and they can't come up with something as simple as this?

Since the goal is merely compliance with the spirit of the law, the courts likely wouldn't hammer down a company for having issues when trying to legitimately and fully comply with the law.

I would hope that under such an intentional deluge, the court would accept that the reasonable turnaround time for requests would increase substantially.

> by simply overwhelming them with valid requests under GDPR,

Doesn't work in the UK because the request has to be genuine and not vexatious.

https://2040infolawblog.com/2019/05/19/a-cure-for-blindness/

> The relevant text in the final version (Article 12.5) is as follows:

> Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may either:

> (a) charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or

> (b) refuse to act on the request

Also they have 30 days to respond, so at most you can force them to grab your data every 3-4 weeks even without that clause.

You should then implement an automatic process. But why a large number of your users would start asking for their data at once? Maybe you did something wrong and they want to move elsewhere and in this cage you would like to keep them hostage?

You can automate this - easily in most cases.

If you can't locate my data and send me a copy and/or delete it then you don't deserve to be in business.

It's as if you had a parking business and couldn't locate my car.