"Compliance is hard" when it comes to the GDPR is patently false. Don't gather data you don't need, and don't track things you don't need, don't share personally identifying data, and don't retain data you no longer need.
All those things are the default. It is hard to run into a situation where you risk violating the GDPR without actively making a decision to do so, with maybe the exception of the whole "users have a right to all their information/delete all their information" thing, which should be a straight-forward database operation unless you're doing something asinine.
The minute you have user accounts, you have to export everything associated with EU residents that invoke data export rights. Every table with a user foreign key.
This is a big scope.
Every upvote. Every comment. Every file upload. Even on your innocuous personal blog. Not sure if it's in scope? Hire a lawyer.
Any product imaginable quickly becomes a big GDPR data export problem and legal headache.
If you're a small company, then you probably only have one database with a few tables in it. If that's the case, it really shouldn't be a huge burden to be able to run a few queries to export that data. And if it is, then you probably have other scaling problems that are an existential threat to your business.
As an example: assuming a standard RDBMS setup with a primary and replicas, I would expect that bulk operations would be done on particular replicas dedicated for that purpose. That way you aren't interfering with writes, or with the "normal" reads that come with regular website use.
All those things are the default. It is hard to run into a situation where you risk violating the GDPR without actively making a decision to do so, with maybe the exception of the whole "users have a right to all their information/delete all their information" thing, which should be a straight-forward database operation unless you're doing something asinine.