Honest question: I see a lot of companies complying with the GDPR.
Why aren't there companies simply pulling out of the EU instead? For internet-based companies, they can still continue to serve EU customers while keeping all servers in the US. Unlike China, most EU countries aren't going to engage in internet censorship if companies just back out of the EU.
Credit cards also generally inter-operate between US and EU, so it's even possible to accept payments from the EU without setting foot there or otherwise physically entering EU jurisdiction.
I assume most companies are doing the math on that, and it seems for many making a reasonable attempt at compliance comes out as the better option.
Many of the large companies have subsidiaries and all kinds of connections in Europe, severing and restructuring those would also be very expensive. Some of them need those subsidiaries to provide their services.
If your customers are or include businesses (so the vast majority of SaaS?), "just take their money anyways" won't work.
I assume a lot of smaller companies targeting consumers actually aren't doing all that much right now: That's even the case for EU companies, and those are a lot easier to target.
Do you have any specific examples of companies where you think they should just pull out?
Internet exists in the physical world.
You can use extradition to put CEOs in jail.
You can use commerce treates to enforce USA to make them comply.
You can ban their IPs.
You can make Apple, Google, or whatever the platform that allows this to pay.
Internet is part of the real work, and the rule of law still applies there. Even when there is a lot of tech start ups that think the contrary.
Google pulled out of the Chinese market, while Apple complies with Chinese law.
The question isn't where the company is based, it's where your customers are based. You could be purely based in the US but if you have any customers in the EU, you have to comply with GDPR. Obviously, for an internet based company ruling out the whole EU market is kinda untenable.
[+] [-] dheera|8 years ago|reply
Why aren't there companies simply pulling out of the EU instead? For internet-based companies, they can still continue to serve EU customers while keeping all servers in the US. Unlike China, most EU countries aren't going to engage in internet censorship if companies just back out of the EU.
Credit cards also generally inter-operate between US and EU, so it's even possible to accept payments from the EU without setting foot there or otherwise physically entering EU jurisdiction.
[+] [-] detaro|8 years ago|reply
Many of the large companies have subsidiaries and all kinds of connections in Europe, severing and restructuring those would also be very expensive. Some of them need those subsidiaries to provide their services.
If your customers are or include businesses (so the vast majority of SaaS?), "just take their money anyways" won't work.
I assume a lot of smaller companies targeting consumers actually aren't doing all that much right now: That's even the case for EU companies, and those are a lot easier to target.
Do you have any specific examples of companies where you think they should just pull out?
[+] [-] ionised|8 years ago|reply
That's not the case though. If they are serving EU residents, they have to abide.
[+] [-] kartan|8 years ago|reply
Internet is part of the real work, and the rule of law still applies there. Even when there is a lot of tech start ups that think the contrary.
Google pulled out of the Chinese market, while Apple complies with Chinese law.
[+] [-] GordonS|8 years ago|reply
Because it's really not that hard to tell users what data you collect about them, and what you intend to do with it.
If you care a jot about life your users' privacy you are probably mostly compliant already.
[+] [-] dbbk|8 years ago|reply
[+] [-] auganov|8 years ago|reply
Also on the flip side, it'll take a while until there are GDPR horror stories.
Right now the smart move is to advertise compliance and see what happens.