[GoToRO]

don't take my word for it, but I believe that you can only if they have opened a subsidiary in EU. The fine is percent of global sales (not profit).

[jacquesm]

> don't take my word for it

We definitely should not. You are wrong. In that case you are supposed to have to appoint a local representative, see Article 27.

[toong]

I believe that statement is incorrect :-)

[mattlondon]

As far as I understand it, if they are processing EU citizens' data then they are liable for GDPR regardless of where they run their business from.

https://www.techrepublic.com/article/the-eu-general-data-pro...

[GoToRO]

Then I'm curious how do they enforce it. Maybe with US there are some treaties signed, but what about a foreign country that has no treaties with the EU?

[volkl48]

To date, the answer to that question appears to be: Sternly worded letters, which will be promptly ignored.

There's no actual enforcement mechanisms against an entity that does not exist in the EU and has no financial exposure to it. That includes with the US, as far as I can tell.

[mschuster91]

Go for the payment processors - seize any funds destined for the target company, for example.