The cost of compliance is directly proportional to the amount of personal data you're processing.
GDPR compliance is usually expensive because people ignore Art. 5.1.(c):
Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’)
If you choose to collect personal data, you're responsible for handling it with due care. If you don't want that responsibility, don't collect the data. If your business model is predicated on doing shady things with personal data, find a different business model.
GDPR compliance is usually expensive because people ignore Art. 5.1.(c):
Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’)
If you choose to collect personal data, you're responsible for handling it with due care. If you don't want that responsibility, don't collect the data. If your business model is predicated on doing shady things with personal data, find a different business model.