The GDPR imposes 68 obligations on the controller [Tiles O].

However, too many obligations, which are often only to be fulfilled schematically, lead to non-compliance and ultimately to the erosion of legal compliance (less-is-more paradox).

In addition, many information, documentation and verification obligations cause a compliance burden (bureaucratic costs) for citizens, the economy and the administration, which is hardly offset by a measurable benefit.

A large number of the obligations are tailored to the data processing of large companies, but they also apply to everyday processing in which they can, however, hardly be complied with.