I'm saying no such thing, and it's neither courteous nor constructive to twist words like that.
You keep asserting that it's not necessarily to have a lawyer review a letter, despite the letter being legal in nature and in this case clearly coming from someone who is looking to cause trouble. Clearly you and I have very different attitudes to risk in this respect.
In any case, an obligation to comply with the law is self-evident. My objection is that the law itself is poorly implemented and that what is necessary to comply is ambiguous.
Everything you do with customers is legal in nature
But most interactions with my customers do not begin with a multi-page letter that literally opens with a direct threat and then proceeds to demand a response on 40 different points.
Your repeated scare mongering around GDPR is fucking tedious
I run small businesses, and we have been dealing with GDPR issues. The ambiguity and overheads I have been talking about in this discussion are costing us time and money right now. Dealing with a letter like they one we're discussing would cost us more time and money. Apparently we aren't alone in these respects.
Some of the GDPR's supporters have argued that the lack of proportionality in the actual regulations is not a problem because the regulators will enforce it pragmatically. I have personally heard such arguments made about onerous EU rules before, and through my own businesses I have been on the receiving end of government mistakes and their rather unpleasant consequences. And again, that wasn't some freak unlucky event: thousands of other businesses are known to have been subject to similar problems, in more than one incident, involving more than one government authority.
A few people have suggested that involving lawyers in response to a letter like this is unnecessary. Clearly it's going to be a matter of risk assessment, but I don't think it's unreasonable. Once again, I have personally seen (at a former employer in this case) how much time can be wasted if a company gets caught up in formal legal proceedings even having done nothing wrong.
In short, there are people out there dealing with the issues you call "scare mongering" every day. These are not just hypothetical problems. Maybe you've never been caught up in them yourself, but sadly not everyone is that lucky.
especially since almost everything you've said about it is false.
If you're going to call me a liar, please at least tell me what I've written anywhere in this discussion that was false so I can set the record straight.
Aren't those letters already pretty standard anyway? I was sending those to various places > 10 years ago using the existing privacy/data protection laws in the country I was a resident in.
(you get fun stuff back, I got all the logs from my public transit card that way)
You keep asserting that it's not necessarily to have a lawyer review a letter, despite the letter being legal in nature and in this case clearly coming from someone who is looking to cause trouble. Clearly you and I have very different attitudes to risk in this respect.
In any case, an obligation to comply with the law is self-evident. My objection is that the law itself is poorly implemented and that what is necessary to comply is ambiguous.