There's a slew of individual things that can be done. EU companies can be prevented from doing business with a (willfully) noncompliant company. Wire transfers going through the EU and other operations can be blocked. And, of course, the service itself, its apps, its sites, its traffic, can be blocked from accessing the EU internet (or being accessed from it).
That's not even getting into international pressure levers.
I don't know that we've seen any of those kinds of actions yet, but they're clearly on the table if a company breaking the rules became a real "problem".
The thing is, if you're just completely avoiding doing any business with the EU, having any EU customers or users, and just not touching the EU with a 1000 mile pole and avoiding the GDPR in such a fashion - well, then there's no reason to go after you. The legislation has done its job.
> And, of course, the service itself, its apps, its sites, its traffic, can be blocked from accessing the EU internet (or being accessed from it).
In other words, the EU can attempt to extend its internet regulations over the rest of the world by implementing a China-style firewall. Well, we'll see if that happens.
It is more akin to the US Sanctions. You don’t have to abide. If you do trade with sanctioned countries, you should not do any kind of business with the US, or pay a hefty penalty.
That's not even getting into international pressure levers.
I don't know that we've seen any of those kinds of actions yet, but they're clearly on the table if a company breaking the rules became a real "problem".
The thing is, if you're just completely avoiding doing any business with the EU, having any EU customers or users, and just not touching the EU with a 1000 mile pole and avoiding the GDPR in such a fashion - well, then there's no reason to go after you. The legislation has done its job.