What are the legal requirements for a blog run out of American servers by an American to be GDPR compliant these days?
I'm sort of wondering whether you can get away with responding to such a request these days with "I am not in a jurisdiction that is obligated to comply with that law, and if you choose to charge me with violating it I am not under obligation to defend myself in court nor render myself for judgment?"
As long as you’re not collecting the personal data of Europeans, there’s basically nothing you need to worry about.
Your location and jurisdiction are mostly irrelevant - you’re obliged to comply with that law when you offer a your website in Europe. Of course the only possibility of enforcement is also in Europe, so there’s not much going to happen.
I suppose if you ran a rogue business then in theory credit card funds from European customers could get frozen by a court or something - but let’s be clear, GDPR is aimed at regulating big business primarily. Nobody is coming after your blog
That's what I'm thinking. If you're not European, it basically boils down to the realpolitik of whether your home country would render you up to European judgement or other private businesses you deal with would choose not to deal with you because you don't bother to say whether or not you comply with the GDPR.
I'm sort of wondering whether you can get away with responding to such a request these days with "I am not in a jurisdiction that is obligated to comply with that law, and if you choose to charge me with violating it I am not under obligation to defend myself in court nor render myself for judgment?"