>There’s speculation that enforcement could occur via the FTC Privacy Shield 

Privacy Shield is entirely optional. Joining it requires a lot of
paperwork and a substantial administrative fee.  If you don't do all
that, it doesn't apply to you.  Please see my previous comment about
people who think they understand the GDPR vs. people who actually do.

Also, Privacy Shield is a retread of the Safe Harbour deal which EU
courts invalidated in 2015.  Max Schrems, the guy who filed the case
against Safe Harbour, has filed a similar suit against Privacy Shield,
with Facebook as the defendant.  I wouldn't bet a lot on Privacy
Shield lasting any better than Safe Harbour did.


PS: For anyone who came into the middle of this argument, my point is
that if you have no EU nexus, the realistic chances of the EU taking
action against you round to zero.  If you do have EU nexus, you better

