People get scared of lawsuits, especially if they're from a very litigious country like the EU. Companies lobbied against the law hard, spreading the idea that any visitor of your website could sue you for millions because you sent a cookie header. Reality is much less scary for most decent people.
Technically, the law applies to everyone worldwide, regardless of location. However, if you have no business in the EU and don't plan to expand your current business operations to the EU, you don't need to worry.
Hell, if you don't meet the requirements, the relevant enforcement departments generally give you plenty time to implement the necessary requirements or block access if you're a dick. The exception, of course, is data brokers and huge companies like Facebook or Google where the impact is much larger.
The GDPR doesn't expose you to lawsuits from anyone but the privacy monitoring instances of EU member states. The average American blog or news site isn't nearly large enough for any government instance to start a lawsuit.
You can also ask yourself: so what if they fine my company a €10.000. They're not going to send a team of special forces over the Atlantic or through Russia just to extract the cash from you. You only need to pay the fine if your company ever needs to do business in the EU. If your company structure makes your personally liable, this also impacts your future holiday destination decisions, but you can live perfectly fine without seeing the Eiffel tower.
A lot of very similar laws are also being passed in California right now, which will probably be a lot more dangerous than any GDPR restriction, but if you follow the GDPR you're pretty much set to protect yourself from Californian lawsuits as well.
Most of the GDPR is just "don't be a dick with people's data". If the fear of not meeting requirements stops the free-for-all data exchange market, then I'm perfectly fine with that.
Technically, the law applies to everyone worldwide, regardless of location. However, if you have no business in the EU and don't plan to expand your current business operations to the EU, you don't need to worry.
Hell, if you don't meet the requirements, the relevant enforcement departments generally give you plenty time to implement the necessary requirements or block access if you're a dick. The exception, of course, is data brokers and huge companies like Facebook or Google where the impact is much larger.
The GDPR doesn't expose you to lawsuits from anyone but the privacy monitoring instances of EU member states. The average American blog or news site isn't nearly large enough for any government instance to start a lawsuit.
You can also ask yourself: so what if they fine my company a €10.000. They're not going to send a team of special forces over the Atlantic or through Russia just to extract the cash from you. You only need to pay the fine if your company ever needs to do business in the EU. If your company structure makes your personally liable, this also impacts your future holiday destination decisions, but you can live perfectly fine without seeing the Eiffel tower.
A lot of very similar laws are also being passed in California right now, which will probably be a lot more dangerous than any GDPR restriction, but if you follow the GDPR you're pretty much set to protect yourself from Californian lawsuits as well.
Most of the GDPR is just "don't be a dick with people's data". If the fear of not meeting requirements stops the free-for-all data exchange market, then I'm perfectly fine with that.