> Assuming they don't have an EU presence of some sort, EU law doesn't apply to them.
That's not correct. If they handle EU people's data, they are responsible for it and can still be fined. Obviously this cannot be enforced if they never visit and have no assets in the EU.
Its correct purely because of jurisdiction. EU laws don't apply for people with no presence in the EU, unless there was some kind of treaty where one country agrees to enforce another's.
That's just how laws, any law, works. The EU can "fine" all they want but it would be entirely symbolic.
That's like if US restaurants had to enforce EU food safety laws when on US soil because a EU citizen is eating there.
Fortunatelly, unlike US laws, GDPR, by virtue of being EU law, is actually readable by normal human beings, so its fairly straightforward:
toyg|8 months ago
That's not correct. If they handle EU people's data, they are responsible for it and can still be fined. Obviously this cannot be enforced if they never visit and have no assets in the EU.
shados|8 months ago
That's just how laws, any law, works. The EU can "fine" all they want but it would be entirely symbolic.
That's like if US restaurants had to enforce EU food safety laws when on US soil because a EU citizen is eating there.
Fortunatelly, unlike US laws, GDPR, by virtue of being EU law, is actually readable by normal human beings, so its fairly straightforward:
https://gdpr.eu/article-3-requirements-of-handling-personal-...