Hacker News
by rankam 3245 days ago
I don't know anything about the regulation and just skimmed the Wikipedia article for a minute, but isn't this regulation unenforceable in practice? If I have a website, how am I supposed to know if a visitor is a citizen of the EU? If my company operates outside of the EU, the EU has no jurisdiction.
2 comments

I work for an email software company based in the US, but we are required to take GDPR very seriously. Large swaths of how our application stores and handles data have to be rewritten, because if a single one of our clients' emails is sent to a citizen of the EU, and we are not compliant with the new rules, we and our client are legally liable.

How that pertains to a normal website on the internet, I am not sure.

*Edit: At least this is my understanding and my company is already making development plans on how to comply with the new law.

This is an interesting thing, but, in response to the US applying their laws supraterritorially[1], the EU has decided that the EU GDPR will apply supraterritorially (aka, everywhere, globally, as soon as an EU citizen could be affected).

So, if you're outside the EU, and you violate it, you might suddenly experience that your bank accounts get frozen.

[1] Just look at the recent case where US citizen sued Saudi Arabia in a US court, and the US Senate overrode a veto of President Obama to allow this to happen supraterritorially.