|
|
|
|
|
|
by himinlomax
2161 days ago
|
|
|
My understanding is that merely having a website that can be accessed from the EU may not by itself be enough to be subject to the GDPR. However collecting or processing data on EU citizens or residents certainly is. And almost all websites track users (even when it's not obviously useful to do so), so unless you go the USA Today route and create a site for the EU with no tracking, you have to comply. There's also the question of who they sell the data to. It's hard to see why they would sell EU citizens/residents data to companies who don't have any EU presence themselves, so at least some of their customers are bound by the GDPR as far as these are concerned. Informed consent is required at every step, so for example they would need the EU subject's consent to buy that data from RocketReach. |
|
|