"The EU's General Data Protection Regulation is going to be implemented in May next year."*

Multinationals operating in GDPR-compliant countries will face MASSIVE fines if a request to delete PII isn't fulfilled within some time-frame.
In addition, proof needs to be provided.

Given that data-sprawl is an insufficient term to describe the organizational-complexity of consumer-data within large firms, what's the plan???

* - Inspired-by/stolen-from:
https://news.ycombinator.com/item?id=15932232
Companies under 250 employees can avoid most of the impact of the law. I think it's kind of well designed, because it affects the companies who can afford the compliance work.
By doing nothing. Either it will be found to be totally unworkable or they will fine me and I will wait for the EU to come and collect their fine with their army. EUFU.
Same way I deal with their silly cookie laws: don't sabotage my site's user experience for somebody else's poorly thought out laws.

I still get the occasional angry user complaining that my website deleted something of his after he clicked the delete button and the confirm button. So I make his day by flipping .IsActive back to 1.

If you really don't want something to be on the internet, don't upload it to the internet.
If you need a way to identify EU users then you can do so via our IP Geolocation API (ipdata.co) that returns an `is_eu` flag. Then do whatever you like.
If data sprawl is your issue, fix your company processes and the problem will be solved.

GDPR mainly resolves flaws in how companies relying on IT use their customers' data. Blocking EU customers is just delaying the inevitable since GDPR equivalents will be established in the US or wherever too.