A mid-sized Canadian software company lands its first European customer and discovers that serving that single client requires appointing a European representative, conducting data protection impact assessments, updating privacy policies to reflect GDPR-specific rights, implementing data subject request procedures, potentially designating a data protection officer, ensuring any subprocessors meet European requirements, and establishing mechanisms for lawful data transfer, the compliance cost for one customer exceeding the contract's value for the first year.