Yeah, that’s how it was advertised, but that’s not really true.
GDPR affects any company with assets accessible to EU regulators. It does not affect companies that have no business presence within the EU.
A Chinese (Or Brazilian, or American, or any non-European) company that has no physical location or bank account in Europe is still accessible to European citizens. That company can still serve European customers. But European regulators have no means of enforcing the GDPR against that company; the European citizen is not protected by the GDPR from such a company.
Theoretically it also requires any company which is subject to GDPR not to send any data to third parties who aren’t, but I honestly don’t know how well enforced that is
Yeah, that’s how it was advertised, but that’s not really true.
GDPR affects any company with assets accessible to EU regulators. It does not affect companies that have no business presence within the EU.
A Chinese (Or Brazilian, or American, or any non-European) company that has no physical location or bank account in Europe is still accessible to European citizens. That company can still serve European customers. But European regulators have no means of enforcing the GDPR against that company; the European citizen is not protected by the GDPR from such a company.
Theoretically it also requires any company which is subject to GDPR not to send any data to third parties who aren’t, but I honestly don’t know how well enforced that is