A lot of the compliance efforts and a lot of the consulting that I've seen done really focus on education. Sure, you need someone who understands the law, you need maybe a legal opinion on a few business practices, but there are lots of solutions, many free, many paid for. Obviously if you pay, you get better service and support to manage consent tracking, daytime tracking, even to manage the idea of taking screen shots at the point of data collection and tracking what forms look like. There are solutions out there. Not all of them are onerous to use; not all of them are expensive to use, either.
Is $40,000 for an organization a lot of money to comply? Honestly, I don't necessarily think it is for most mid-sized businesses. Smaller businesses, sure, but smaller businesses also tend to have very small email lists and they may very well know every person who's on their list, so they're not going to be necessarily looking at.... They know where their consumers come from. They have transaction purchase data; they have that history. It's just organizing it in a way that makes it accessible and easy to understand.
There was a question earlier in the panel around six-month implied consent versus two-year implied consent. All of those things are built into marketing automation platforms now. You can track the date the consumer subscribed. You can assign a flag to them to say this is a six-month implied consent, this is a two-year implied consent, an express consent. You can build the logic right into the marketing platforms that will either suppress those users when they've reached their end-of-life cycle or will notify those users, or build some sort of communication plan proactively into reaching those consumers before they reach their expiry.