On the argument about GDPR preventing people from swapping business cards... It would only apply if you intended to input their details into your computer system and assume that you are free to market to them just because they gave you a business card. You're not free to market to them without their permission, it's pretty simple.
If you intend to collect people's details and use it for nefarious means like marketing to them when they didn't ask you to and you don't agree to stop doing it when asked, then you're going to get into trouble. There's not really anything wrong with that imho.
The GDPR talks about processing data, storing it safely, using it as intended, only asking for data that you need, marketing to those who agree, keeping it up to date and deleting it if someone asks you to. It's a way to allow people control over their data. If it's that onerous to do these things, even as a start up, you're probably doing something that you shouldn't be doing.
I'm no legal expert, but interested to know your thoughts.
I draw the line at all of this cookie consent bs though... no one I've ever met knows or cares about exactly which cookies are set and why. I'm getting a bit sick of going onto websites and clicking 'Accept' just to get the thing out of my view... the only other option is to go exploring their privacy policies and having the onerous task of opting out of everything. Websites are listing every cookie they've ever set in a table and explaining what they are all for... no one is every going to read that.
This is one of the opt out pages for
one website that I saw the other day:
Cookies just shouldn't contain personal data and shouldn't be personally identifiable. Maybe the cookie API should allow developers to mark tracking cookies as tracking cookies... then at least those that want to comply, can do easily. There's no hard and fast way to prevent websites from 'abusing' cookies to track people without legal action.