[pembrook]

Except it isn't. I too thought this was the case. Please talk to a lawyer sometime for a more nuanced take (I begrudgingly have).

The funniest part about GDPR is that currently any organization that uses pretty much any US tech is in violation of the latest rulings, including much of the EU government itself running on Microsoft tech.

If you've just been consuming journalist or internet comment narratives on this topic you have no idea.

[mqus]

oh I know. And considering the CLOUD act that's how it should be. Maybe I shouldn't have written "easy to follow" since stuff like backups can get tricky and DSARs can be a pain on the receiving side, but it is certainly easy to understand. I do hope that GDPR does add a wedge for getting less dependent on US companies that obviously do not care about privacy at all.

But please also share the more nuanced take on the GDPR of your lawyer. You can't go around making claims like that without substantiating them ;).