[Crosseye_Jack]

Nope.

It covers data for EU/EEA citizens and residents data held by companies “doing business” with people in such areas. An off the top of my head example. An Australian citizen who has never been to the EU can not use the GRPR against Microsoft just because MS have a office in the EU.

Edit: My bad, I think the Australian would be under the Dublin office in the slack case. But the GDPR rules are focused on data of EEA/EU residents/citizens and not (always) data of people outside of the EEA/EU collected by companies within the EEA/EU.

[arjmandi]

My point is not a legal one, it's a moral point. If they've complied with the GDPR it means they even have processes and systems to give users their data but didn't have the decency to respect their customer and at least close their account in a much better way. The export law says you are banned to serve Iranian companies (!), Fine, but it definitely doesn't force you to f* your users in Iran!

[cyphar]

Ah okay, that makes more sense.