P.S. I should have added: the whole jurisdiction issue is, clinically speaking, one of the most interesting parts of GDPR. I've never seen a law that so broadly asserted that the country or union from which the law was promulgated will enforce it anywhere and everywhere - it's pretty damned gutsy. It will almost certainly be sorted out through lawsuits, and that will definitely be popcorn time.
> On Nov 21, 2018, at 11:03 AM, Anne P. Mitchell, Esq. <amitch...@isipp.com> > wrote: > > > >> On Nov 21, 2018, at 8:48 AM, Bill Cole >> <sausers-20150...@billmail.scconsult.com> wrote: >> >> There is no reason for anyone without a commercial presence in the EU or CH >> to be concerned with GDPR. > > Except for the private right of action provided in GDPR, and small claims > court in the U.S. > > And, for entities that spam enough people "in the EU" (for our > analysis/explanation of that, along with why U.S. companies should comply > with GDPR, see here: > https://www.isipp.com/resources/how-email-marketing-must-comply-with-the-eu-general-data-protection-regulation-gdpr/ > NB: GDPR does not state anywhere that it applies to EU residents or > citizens, only the vague and ambiguous "in the EU") the language in GDPR that > states they will go after anyone, anywhere in the world. > > Anne > > Anne P. Mitchell, > Attorney at Law > GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant > Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law) > Legislative Consultant > CEO/President, Institute for Social Internet Public Policy > Board of Directors, Denver Internet Exchange > Board of Directors, Asilomar Microcomputer Workshop > Legal Counsel: The CyberGreen Institute > Legal Counsel: The Earth Law Center > California Bar Association > Cal. Bar Cyberspace Law Committee > Colorado Cyber Committee > Ret. Professor of Law, Lincoln Law School of San Jose > Ret. Chair, Asilomar Microcomputer Workshop > > > >
