Old Jul 12, 19, 3:50 am
  #249  
Nicc HK
 
Join Date: Jan 2006
Programs: AAdvantage Asia Miles Air China
Posts: 600
Originally Posted by plunet View Post
Doesn't matter where the data is stored. If it includes the personal data of EU citizens then it is in scope for EU GDPR regulations.
Actually it does, and I have first hand experience of this. I will give you a scenario, GDPR cannot be enforced on an HK based company whose servers are in HK and which has no physical or other presence within the EU, simply because HK courts will not enforce EU laws on an extra-territorial basis.

Now CX has operations and presence in the EU which includes the processing of information relating to citizens of EU members which takes place within those EU members. As with Marriott, an EU member state can well act proportionatly.
Nicc HK is offline