Translation: Spain will enforce the law that says that citizen data must be kept in servers in the EU instead of digital havens, which is what the Catalan government is doing.
Check with a lawyer for details, but the best way to describe it is the EU can do little about data once it is outside of the EU: their laws don't apply elsewhere. They have ways around this.
If you have a EU presence (ie an office) that presence gets into trouble if data is sent outside the EU without a lot of care - this includes care to ensure the foreign government of where you send the data won't get it (which makes most companies not transmit data outside the EU if at all possible).
None of the above applies to this case though because presumably it is the person in question sending his own data outside the EU. There isn't much they can do about that.
> None of the above applies to this case though because presumably it is the person in question sending his own data outside the EU. There isn't much they can do about that.
Not at all. The problem here is that the Catalan government took advantage of their power position and used official data to fill the database of this "digital republic". This is precisely what this law disallows. They can still hold servers where citizens enter their own data.
No - the GDPR regulates transfers of EU citizen data outside of the EU, but it by no means prohibits it. To summarise - the organisation involved follows the rules by transferring data only to other countries that have equivalently strong laws, or for other countries, by using Binding Corporate Rules or approved standard contractual conditions to establish internal corporate policy that meets EU standards.
Spain will create that law