[volkl48]

As far as I can tell there's still no actual mechanism in existence to enforce GDPR against an entity which has no significant operations in/financial exposure to the EU.

The GDPR text basically says "we'll ask other countries nicely and negotiate with them".

I'll be interested to see how the first real case goes against even a US-based entity that doesn't operate in the EU, much less one based in a country like North Korea.

[deith]

I assume they will just block the domain.

[jiveturkey]

"they" being the entire EU? there's no mechanism for that.

[Jimw338]

> no mechanism for [blocking access to company X for the whole EU]

..they'll ask all the EU ISPs in each of 28 member states to block company X - nicely.

() "EU citizens" meaning potential customers of company X - the "enticement" for company X to pay the EU the fine.