1. not data. Personal Data. of course if you know you know, but threads like these are rife with non informed readers.
2. nothing to do with the geo residency of the company. it's about sending the data to the US (or most non-EU countries). Even an EU company can't send the data to the US absent various agreements.
3.You are way overstating the violation part. It's very easy to be able to send the data and be compliant.
That's fair. Although a lot of data can become personal data if you're not careful.
> it's about sending the data to the US (or most non-EU countries)
Disagree, the United States is in a worse condition that most other countries. Even in countries without an adequacy decision, you can usually satisfy GDPR by incorporating SCCs into your contract. A US company cannot comply with GDPR because they are beholden to US laws which require them to violate the terms of any contracts they sign protecting the data privacy of their users (according to the CJEU).
> It's very easy to be able to send the data and be compliant
Probably depends on your context. Something like, say, sending a pile of data over to GCP to train an ML model on? Probably easy to comply. Front-end dev work? Anything that makes the user's device connect to a Google URL is forbidden, since that's sending personal data (IP Address). The higher-level your framework, the more care it takes to avoid some dependency doing this behind your back.
1. not data. Personal Data. of course if you know you know, but threads like these are rife with non informed readers.
2. nothing to do with the geo residency of the company. it's about sending the data to the US (or most non-EU countries). Even an EU company can't send the data to the US absent various agreements.
3.You are way overstating the violation part. It's very easy to be able to send the data and be compliant.