On 5/26/18 1:30 PM, JORDI PALET MARTINEZ via NANOG wrote:
I don't think, in general the DPAs need to use lawsuits.
If they discover (by their own, or by means of a customer claim) that a company (never mind is from the EU or outside) is not following the GDPR, they will just fine it and the corresponding government authorities are the responsible to cash the fine, even with "bank account embargos". If the company is outside the EU, but there are agreements with that country, they can proceed to that via the third country authorities.
If someone were to show up and issue me a 10 or 20 million euro fine (more in USD), I'd just laugh since I'll never see that much money at one time in my whole life. I'm not convinced they will limit reach to the Facebooks and Googles of the world until a lower limit is codified. I suspect that won't happen until enough small guys are fined 10-20 million euros who could never hope to repay it in a lifetime. ~Seth