[hopeless]

If you outside the EU, it really isn’t about “anyone coming after you”. Even within the EU the enforcement actions currently err of the side of a stern warning rather than fine (except in the most deliberate cases). Though that may change.

Either way, you shouldn’t be doing it out of fear. You should be complying for practical business reason

1. This is how you should be treating personal data. 2. In exchange for complying with GDPR, you get access to a market of >700m people. If you’re a service provider, it’s illegal for any EU business to be your customer without GDPR compliance.

[jimmaswell]

I wonder if a significant amount of small businesses/startups are going to simply not do business with the EU because of GDPR. I know I'd probably rather not have to deal with it if I had a small app or something.