confusion reigns.
My employer sees clients in the US from around the world. When that happens, they are on our soil and the GDPR does not apply (according to a very expensive 39 page report from some outside counsel.)
However if we opened an office ON THEIR TURF, things would change dramatically.
Questions become fuzzy when we answer emails from them while they are in their home area (right now the opinion is that email isn’t quite the same as having a location there).
Also our laws and some state laws require ‘forever’ data points to be maintained when we provide service, here at least. So when the EU person wants to be forgotten, I’m pretty sure it ain’t gonna happen, folks. Maybe the stuff generated if we ever open an office over seas, but only to the stuff pertaining to data generated there, and not here.
Otherwise, it is a big mess. Parts are in contradiction to one another from what our, did I say expensive?, attorneys have advised.
For many, it won’t be worth the threat of being fined 4% of your GROSS sales, not net, and not from that particular transaction. So if you sell a widget and get $10 from the sale, it isn’t 4% of that, it is 4% of anything you sold, so if you sold a few hundred ships to some Dutch company, it is 4% of everything. Clearly this is punitive beyond common sense, and one must speculate as to how in the world they even dreamed anything like this up.
Google, Microsoft, Apple and others are huge cherries to be picked by them finding an infraction and milking it for all they are worth.
I’m not even a cheap attorney, but from what we’ve been told, you can do all the business you want remotely and answer emails and all, but just don’t open a business in their countries.
I’m sure there will be those who reconsider opening a branch in an EU country.