The company I work for has been working on GDPR compliance for the better part of 3 years.
We also maintain compliance in the financial sector and we have both very good in-house and external counsel which works with both the ICO and political institutions to ensure we meet our compliance.
The fact is that as an EU citizen you have a say about how the GDPR is applied and you have a say in how it will be enforced and interpreted.
As a non-EU entity you have no voice.
You also cannot ask for assistance from any EU or member state body.
You also don’t have access to DPA-run events, for example: https://ico.org.uk/about-the-ico/news-and-events/speaking-en...
Now, if you want a good comparison, as you have worked for a legal aid organization before, you can likely estimate the hourly billable of a lawyer in the UK to provide you counsel on UK or EU law vs., say, FATCA or SOX.
My bet is that it would likely be at least 3 zeros in difference.
The fear isn’t that a DPA would go after you, but rather that they’ll force service providers to compel you to comply.
Under the GDPR, for PayPal to remain compliant, it needs to ensure that all merchants that use it to receive payments from EU residents are also compliant, because you share your Personal Information with PayPal, who then shares it with the merchant (name, email, address, phone number, etc.).
This is going to be the likely channel of enforcement, not them dragging you to court.