Ok, interesting comment ! I agree and disagree with you. Article 3 of the regulation states very clearly » (…) This Regulation applies to the processing of personal data of data subjects residing in the Union by a controller not established in the Union, where the processing activities are related to: (a) the offering of goods or services to such data subjects in the Union; »
So if you’re a company doing business within the EU or simply processing EU resident’s data, legally you’ll have to apply the regulation, otherwise you’re heading for legal problems (people suing you in their countries). Of course if you’re a small company doing a littlebit of business in EU you’re not going to be impacted a lot.
But this is not the outcome of this regulation. The outcome is to target Google, Facebook, Twitter, to make sure they comply with EU laws. That’s it, period. That’s the main target. The rest, well some companies will be practically impacted, some others not.
