On 2022-01-28 at 20:43 -0700, jonkomer wrote: > > When the keyserer operator operates outside > > of the EU I don't think that is a legal problem. > > If an individual that requests his personal information is > removed (i.e., the "right to be forgotten") is EU resident, > GDPR applies regardless of the jurisdiction in which the > information server is located. > > Jon K.
Not really. If an EU resident is travelling on nonEUland, the GDPR wouldn't apply. And it protect as well an noneulander which was only temporarily on EU. In order for the GDPR to apply to a company (controller/processor) not established in the EU, the people whose data is being processed must be in the EU (irrespective of whether they are a resident or staying for a couple of days) and the company would need to be: a) offering of goods or services (even if it's for free) to such people in the Union; or b) monitoring their behavior (which takes place in the Union) See article 3 for the details: https://gdpr.eu/article-3-requirements-of-handling-personal-data-of-subjects-in-the-union/ Best regards _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
