That is an interesting question. If the answer is 'yes', then I, for one, would be geoblocking all inbound connections from the EU; we already geoblock China and most of Latin America, mostly to kill spam, so extending the blocking to the EU would not be a problem. My operation simply does not do enough business with EU residents (we don't do much business with people from out of _state_ much less out of the US) to justify the time and expense of complying with the regulations, and I have no intention of opening myself to the level of fines which can be imposed. It's simpler to just block access. I expect that a lot of small-time companies will do exactly that. So we lose 0.1% of our yearly business, if that... we balance that against the cost of complying, and the size of the fine for not complying. And, of course, as we will no longer be doing business with anyone in the EU, we would delete all records pertaining to past business; EU residents can't get in contact over the Internet with us, anyway. As a courtesy we would inform the ex-customers of the change by postal mail, we wouldn't retain so much as an email address or any past emails. Once the postal mail goes out, the names and postal addresses will also be deleted from the main database. There's going to be a meeting on this point later today. I expect that we'll be sending out mail to ex-customers by close of business.
If the answer is 'no', then the new regs have a massive hole in them, which _will_ be exploited.
Anyone from the EU who wants to do business with us will have to figure a way to contact us without getting blocked by the geoblocking, and will have to explicitly and completely consent to whatever we want, or they can bloody well fuck off.
Biting the hand that feeds IT
