Yep. But China doesn't use GDPR so its completely incorrect to say that you need to comply with GDPR to do business in the world
Based on. Which is a phrase I don't think you understand. Complying with China's rules doesn't mean you are in compliance with GDPR or vise versa. In fact there are several notable differences. One of the biggest is that it is actually quite easy to get a waiver from China's rules which would put you quite far from complying or being similar with GDPR. Also GDPR uses explicit consent while China allows provisions for "implied". So, in reality, compliance with China's rules can be wholly irrelevant to GDPR compliance and is, if anything, support for my argument that you can do business "in the world" without GDPR compliance
I seemed to have touched a nerve. Please point out where I said anything close to that. All I did was point out that the EU and their laws are different from the rest of the worlds. Is that really something we need to debate?
You seem to be confusing the argument here. My point is ONLY that the EU is not the world so compliance with GDPR is not required to do business "in the world". A tangent was made for your erroneous involvement of china's rules. Feel free to go on an on about irrelevant discussions about trading partners, financial services etc. but none of that changes the fact that you can choose to not comply with GDPR and still do business in other areas of the world. And that's not something that is a 'Murica thing either. It's also true for Japanese companies, Chinese companies, Brazilian companies, Indian companies, Russian...well you get the idea
Yeah, except for the fact that you are wrong, everything else is fine.
GDPR compliance isnt obtained by signing a paper that says "i comply with GDPR", but by adopting a series of procedures- such as data portability, or the right to be forgotten, where implementing it for one regulation would cover you for the other. You would need to specifically design a system that doesnt comply with GDPR if you wanted to trade with india *but* not be allowed to trade with europe because of the overlap of the two. You can't say"oh we comply with data protection, just not with YOUR data protection".
These are laws that require some effort to put in place, often rebuilding how the entire structure captures, stores and processes data - hundreds of hours of downtime, massive migrations, implementation of new enterprise software, new internal protocols. It makes no sense for ANY business to want to avoid a specific legislation, considering that the world over they are based on the same concepts.
This isn't an argument about phrasing but about the reality of having data protection as an online business whose primary exports are towards the EU. No data protection = no work. I suppose you could do that work relating to the biggest 3 industries of the world that the US
does not actually export to.
There is a reason that message is on that website - no work was done at all on this front. They dont comply with EU data protection, they dont comply with any, because they are still on their old as dirt systems from 10 years ago.
Fact: you lose exports to the EU, you lose your n1 export market. There are no "three bigger economies" because you are not selling to them.
Fact: you dont put in the work, you won't be able to comply with ANY data protection.
And get ready to do everything in-house because one of your data processors might want to do business in a GDPR country, requiring data-portability formats.
Planning to sell that data? EU based processors.
