by salad77 2952 days ago
But for compliance many interpretations say it's EU /citizens/; I don't think there are 3 simple steps to block any EU citizen...

I'm sure many Governments would love to be able to so simply identify what their citizens do online though.

1 comments

those interpretations are wrong. but even so, blocking eu traffic by IP isn’t sufficient.
> those interpretations are wrong.

Source?

Not a lawyer myself, but according to the regulation (https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CEL...): "In order to ensure that natural persons are not deprived of the protection to which they are entitled under this Regulation, the processing of personal data of data subjects who are in the Union by a controller or a processor not established in the Union should be subject to this Regulation where the processing activities are related to offering goods or services to such data subjects irrespective of whether connected to a payment"

So if the users are in the Union and you're not, you're still on the hook. If the users aren't in the Union, you're free and clear.

Also applies to EEA countries like Norway and Liechtenstein btw (source: am currently working on GDPR compliance in Norway).