> there's going to be a lot of shakedown scams from bad actors.
I'm not sure how that would work.
Any compliant service is likely to allow self-service (e.g., a button to delete a comment; a link to list out all data; an edit function to correct wrong data).
If you're storing personal information and don't comply with the law, you risk a fine. Just as you risk a fine for mismanaging health data, or risk prosecution for storing data that is illegal, like child pornography.
You might also want to look at GDPR chapter 3, article 12, point(?) 5:
"Information provided under Articles 13 and 14 and any communication and any actions taken under Articles 15 to 22 and 34 shall be provided free of charge. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may either:
charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or
refuse to act on the request.
The controller shall bear the burden of demonstrating the manifestly unfounded or excessive character of the request."