[unity1001]

That enforcement is pretty much enough for Eu businesses to observe GDPR.

And its way more than enough for large foreign tech companies like FAANG to have obliged with it waaaaay earlier.

Enforcement generally happens upon reporting. So your garden-variety startup or corp somewhere in the US or another corner of the world is unlikely to get reported unless they start to get sufficient userbase in the Eu.

[quonn]

I once requested under GDPR my personal data on a well known dating app. It contained all messages ever sent as well as GPS positions for years (try it yourself). I then requested that data to be deleted permanently and they refused.

I didn't take it to court because I didn't want my dating history to be dragged out in court.