[gruez]

>For GDPR reasons alone it's probably not a good idea to take a business phone across certain borders. You run the risk of disclosing customer data to a 3rd party, if only because the customer data in your phone book counts as PII.

But "law enforcement" is specifically exempt?

https://en.wikipedia.org/wiki/General_Data_Protection_Regula...

[buzer]

Law enforcement refers to EU member states law enforcement and processing by them in their context. But even in the EU controller needs legal basis to disclose personal data to law enforcement inside the EU. Normally that is handled by local law, but it's not carte blanche, that law still needs to take e.g. rights granted by EU Charter in account.

Search by border officers may very well be GDPR breach for that controller if there was data of EU data subjects, but I don't think there is currently any case law around it.