The obvious problem is that most software systems developed are not built for all the intricacies of this. Changing an entire software product, that's been around for a few years, to not fall foul of any of this retrospectively is a massive amount of work. Who is going to pay for this work? Not the customer of your product that is for sure they'll go else where.

A bit like Brexit 99% of people are not in a position to take a logical action for this. As in the case of brexit an emotional action was taken and now it's a s$%t show.

Average person on the street as others have said won't understand the implications. It will introduce more complexity for those people. In otherwords now all software they interact with - if being full compliant - will have to ask explicitly - this website you are signing upto, can we have permission to store the details you just typed in? WTF? If you don't want it to be stored don't fill it in, if you don't think it's reasonable for that site/system to have that information don't fill it in. In some cases if you don't enter that information then you can't use the site/system.

Even if you take it on the chin and do all the work. Then you are going to lose even more time/money because if anybody says prove it, how can you? Once info has every been stored that information could leak in any number of ways - screenshots, shared with third party system before you revoked your permission. It is an admirable goal but ignores reality. Fines should scale to the size of the business since large businesses will have more money/resource to put into the required changes.