Geoblocking is meaningless, unless you're somehow magically blocking EU citizens in your own country through voodoo. If you store any data on an EU citizen in an identifiable (to that citizen) manner, GDPR applies.
We have received legal advice that this is not the case. GDPR applies to inbound data from the EU, including to non-EU citizens sending data from inside the EU. EU citizens outside the EU are not covered, or at least so I'm told. In any case, should an EU citizen contact us from a non-EU location and make a request about data, we will apply the law as exists in that non-EU location. Should anyone, including the EU, object, they are free to take action with respect to any assets we may have in EU locations. Which is zero.
Biting the hand that feeds IT
