Not complying with GPDR is a legit threat to a company's bottom line. A11y much less so.

Depends: for a company operating purely in the US/outside Europe, an ADA lawsuit, or customers from fields that have a11y requirements not buying their product, seems more likely than GDPR fines. At least for now, there's little indication of GDPR tools being even attempted against companies not explicitly doing business here.

GDPR has become the new Godwin's Law.