
That Varonis link gets posted quite a bit, but it drastically oversimplifies things and even tries to poke fun at some aspects of the legislation. The ICO site is a much better read for this.


Fair point - my intent was to point out that some sources are less intimidating than others. If all you read was the Varonis link you'd be in trouble, but if someone's the kind of person who thinks that they can read one blog post and understand the GDPR I'm not sure they're the kind of person that can be helped anyway...


I would even go as far as saying that that article is straight up wrong/misinterpreting at least some of the articles.

I randomly checked Article 14, as I am wondering how I am expected to communicate to users that I don't collect any PII([0]), and it turns out Article 14 is not about

"You need to tell people what you’re doing even if you’re not collecting personal data."

but about

"Information to be provided where personal data have not been obtained from the data subject" = "You have collected personal data about the data subject, just not directly from them, but via some other source"

[0]: Even though I'm not sure if that's even easily possible for any company that has a website, now that IPs can fall under PII.


Pardon me but, what does ICO site mean in this context?


Information Commissioner's Office: https://ico.org.uk/about-the-ico/


The link to ico.org.uk in the comment above.


The Information Commissioner’s Office site, as linked in the grandparent post.



