If it took "nearly a year" to satisfy GDPR, then your company's practices were, frankly, irresponsible (and perhaps still are), and it's a good thing you were forced to do that work. (Either that, or you misunderstood the legislation, and wasted thousands of hours when you could've just spent 3 hours reading it.)

GDPR-compliance in a greenfield project is cheaper than dirt, up until someone makes a GDPR request, at which point it's slightly more expensive than dirt because you had to take 15 minutes out of your day to satisfy the request. By your third or fourth GDPR request, it's perhaps worth taking time to implement an automated flow, but having that many customers is a lovely problem to have!