[victorbjorklund]

All US companies selling to European customers have to comply with GDPR. European companies selling only to non-European customers don’t have to comply with GDPR. It’s all about who your users are. Not where your company is registered.

[jonathanstrange]

I think what OP means is that a US company cannot simultaneously comply with the CLOUD act and the GDPR. That case has also been made by some courts in the EU, that US law and practice are incompatible with the requirements of the GDPR. US companies who claim to process data in accordance with the GDPR seem to be deceiving their customers. Maybe I'm wrong but it seems to me that companies in the EU who rely on US services, corporations in the US, and even governments themselves keep quit about this unpleasant truth. It means that Microsoft Windows violates the GDPR, Google violates it, every US social network violates it, etc.

Of course, as someone else mentioned, that is not an argument against EU sovereignty but rather one of its motors.

[buzer]

> European companies selling only to non-European customers don’t have to comply with GDPR.

Usually they do. European company processing personal data of non-EU customers falls with article 3(1) "This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not."

Of course if they do not process any personal data then it wouldn't apply but that's pretty unlikely (and if that was the case the EU customers data wouldn't fall within GDPR either).