Originally Posted by
percysmith
If EU can whack a fine on a non-EU corporation like Marriott, can they whack a similar fine on CX (trading in EU)?
Maybe.
The extent of the CX data breach is very much unknown. If EC wants to rely on GDPR for fines, the data breach itself must have some relationship with Europe (this is why BA is doomed, but not necessarily Marriott).
If the data breach mostly involves the personal information of customers in Hong Kong, which sounds like the case here, then the EC will have no say on a domestic issue happened in Hong Kong.
So yes - this is primarily a PCPD issue, which you can guess what the PCPD will do.