That's not how GDPR works. GDPR doesn't care where your company is registered or does business; if they process the personal data of EU citizens then GDPR applies.
I was an Estonian resident a while ago, and I wanted to delete data in my old VK.com account (a Russian company). They didn’t do anything, naturally, so I wrote to Estonian data protection inspector or something. They said that (surprise!) they can’t do anything either.
Things might be better now, but my bet is if you register a company in, say, Seychelles, and your business is purely digital, you can ignore GDPR all you want.
EU can, in theory, tell payment processors to stop working with you, but I haven’t heard of such cases. Even then it won’t help if you don’t sell anything (apart from user data).
Some EU countries have started blocking websites (by spoofing DNS) – this could actually work to put some actual pressure on non-compliant companies, but also is kinda too authoritarian for EU?
Tl;dr: GDPR has good intentions, it just doesn’t work right now if the data processor is not in EU.
Correction: replace "EU citizens" with "people in the Union". That's how GDPR describes the people it covers. It's where you are that matters for GDPR rather than citizenship.
notpushkin|1 year ago
I was an Estonian resident a while ago, and I wanted to delete data in my old VK.com account (a Russian company). They didn’t do anything, naturally, so I wrote to Estonian data protection inspector or something. They said that (surprise!) they can’t do anything either.
Things might be better now, but my bet is if you register a company in, say, Seychelles, and your business is purely digital, you can ignore GDPR all you want.
EU can, in theory, tell payment processors to stop working with you, but I haven’t heard of such cases. Even then it won’t help if you don’t sell anything (apart from user data).
Some EU countries have started blocking websites (by spoofing DNS) – this could actually work to put some actual pressure on non-compliant companies, but also is kinda too authoritarian for EU?
Tl;dr: GDPR has good intentions, it just doesn’t work right now if the data processor is not in EU.
tzs|1 year ago
chgs|1 year ago
If Sam were to target an EU citizen then it would.
raverbashing|1 year ago
But if you just walk into a pharmacy in the US and send your sample from there GDPR has nothing to do with it