Europe’s most famous technology law, the GDPR, is next on the hit list as the European Union pushes ahead with its regulatory killing spree to slash laws it reckons are weighing down its businesses.

The European Commission plans to present a proposal to cut back the General Data Protection Regulation, or GDPR for short, in the next couple of weeks. Slashing regulation is a key focus for Commission President Ursula von der Leyen, as part of an attempt to make businesses in Europe more competitive with rivals in the United States, China and elsewhere.

  • splendoruranium@infosec.pub
    24 hours ago

    It is not trivial, the existence of your job makes that self-evident. If it was trivial companies wouldn’t need a DPO, would they? I would love to see you walk up to your employer and tell them that your job is trivial and anyone can do it…

    Again, as someone who performs the job, I’m telling you: It’s trivial. Come on, don’t try to somehow ‘reason’ that away, that’s just silly. Many jobs are trivial, many jobs need to be done. Mine needs to be done because it’s mandated, not because it’s hard. And I could, in fact, walk up to my employer and tell them that it’s trivial because they would understand - both my boss and I took the same one-day course to become certified.

    You might not see this yourself, but the fact that even a small company needs a DPO in order to interpret data protection regulation IS the problem! But I am sure you are not complaining… It needs to be simplified so a small company can be GDPR compliant without requiring a DPO.

    Again, I don’t know what you think the workload entails, but if you want more specifics I can tell you that my position as a DPO takes up less than 5% of my time and most of that falls to preparing the yearly internal employee training course and the rest is basically automated. It’s not some kind of full time profession unless you have a gigantic corporation or literally run a legal business offering external DPO services. Compare it to the position of something like a medical first responder, if that exists where you live.

    In fact, I’m going to do you a solid now and break down the certification course: If you handle personal data, write down where it is and who does what with it. Don’t ask for personal data that you don’t need to perform your function, don’t share personal data with third parties, delete all personal data the moment you don’t need it any more. There, GDPR-compliance for the vast majority of businesses in just one paragraph.
    It truly is very, very trivial - as is the whole GDPR main text, for that matter. It’s well structured and uses simple wording.

    This problem is recognized in the report from the EU commission linked in the article, which is why they are acting.

    Ah yes, the Draghi report. “Europe must invest twice as much as it did rebuilding after World War II, allow more tech and telecoms companies to merge and take drastic measures on defense spending”
    If you’ll have another look at the article, that’s part of the massive industry lobbying effort that they’re referring to.

    The fact that small startups cannot even take off because they cannot afford to hire the bureaucrats required to interpret and be compliant with regulation is a massive problem and one of the reasons Europe’s economy is stagnating. It is not about exploiting personal data, it is about the cost of bureaucracy killing European startups in their infancy.

    I don’t know how else to put this, but this is just not a real problem. I’m reluctant to outright call it a fiction, because there might always be information that I’m missing, but as someone who has worked in the field for about 3 years now I’ve never come across internal or external reports of businesses who could not afford GDPR compliance. Again, that would be silly, that’s like complaining about building code because you have to spend a pittance on fire extinguishers.