I know that there is a HUGE concern about the fines that can be used to back up GDPR.
I know of US companies that have an EU presence legally (but with little income from the EU) that are considering just blocking EU traffic as a way to stay safe with the smallest overhead.
That's fine, businesses have that choice. Hopefully, GDPR gives people a choice w.r.t what happens with their data.
Many countries in the EU have a great standard of living by focussing on individuals' rights vs companies. Well, I say focussing. From our perspective, it's just normal and a good balance. But if you live in a country where companies can screw you over in a million ways ("at will" employment, arbitration, NDAs, etc.), maybe such rights might seem a bit alien.
No, I mean my understanding of the law is unclear because the law itself is. It'll take a few court cases to hammer out most of the clarifications. Once it's better understood or made to be like PCI, which literally spells out steps to take for minimum compliance, it'll be a headache at best.
Fair enough, although how is this different from other laws? If laws were obvious, there'd be no lawyers or judges.
And if you've tried to comply with the law, but unintentionally fail to handle some edge-case with low impact, the sanctions are pretty light (e.g. a warning letter). It's not draconian, as long as you don't cut corners.
Most laws aren't so far-reaching, and the vast majority, in terms of regulatory scope, have been fleshed out. These same issues do happen with any new broad, far-reaching regulations. This is one of the first that is both a significant increase in regulatory burden and that deals with, ostensibly, the global tech market.
Also, the fines here can be real money, which also isn't often the case. That plus the lack of clarity are why people are concerned about it.
Basically they're worried that you can do everything right and still be wrong because everything isn't well defined and is very difficult to define.
As a citizen of an EU country, I’d prefer to have the choice from as many companies as possible, and to decide myself whether I do or do not mind sharing my data with a company. This will reduce my choices.
I also disagree with you that the EU regulations are a good balance - it’s skewed way too far towards over-regulation.
That's just a band-aid though: they're effectively gambling that data protection laws won't ever come into effect in the US and Canada, all the while locking themselves out of expanding into the EEA market.
After the Equifax thing it's not looking like a very solid bet.
Would that be sufficient? I would think an EU citizen interacting with such a company from within the US would open the company up to GDPR requests. Enforcing them might be hard, yes, but it could be enough of a nuisance.
I think this will change the world, just as the EU's push for lead-free soldering did.