I think many (most?) companies will implement these privacy policies across all of their users as it can be hard to determine whether a user is in the EU or not... so indirectly, this law might mean that everybody will finally have strong privacy guarantees (at least when it comes to companies of a meaningful size).
And as so often the EU will be the initiator of a world wide adoption of (semi) unified rules, as it was for USB charging, among other things.
It will naturally get a lot of flack and a few people/companies will make it their scapegoat as to deflect from them as usual, but that's - sadly - almost normal now.
Is it all good: no!
Is it a good start: yes!
Is it IMPOSSIBLE to comply: heck no, I'm working at a small Austrian company and we had to change almost nothing, as lo and behold, we have no desire to be a data kraken and tried to held the privacy of our customer and users always on a reasonable level. As we'd wish that others do with our data and use of service...
A few years from now I predict people will deny that the EU had anything to do with instigating this, the way people often insist the manufacturers just suddenly decided USB charging was the way to go and ignore that it first happened after the EU threatened them.
I'm curious as to how much time you've taken in researching and implementing specific privacy laws of non-EU countries, since you don't seem to find it burdensome to comply with such regulations. Do you know for a fact you're in compliance with South African, Sri Lankan, or Australian privacy laws?
> I think many (most?) companies will implement these privacy policies across all of their users
In terms of percentages, exceptionally few businesses outside of the EU will implement GDPR. The rest of the world will overwhelmingly entirely ignore it.
There are 20 million businesses in the US. 500,000 new businesses are created each year. 0.1% or less will comply with GDPR. Why? Because very few US businesses ever do business with the EU.
A small clothing retail shop from Texas or Florida or Michigan is not going to concern itself with complying with GDPR just because they took three orders from the EU. They're going to ignore GDPR and continue doing business as they always have. And the EU is going to find it entirely impossible to enforce compliance for those types of small instances due to the scale & tracking required to do so. If by chance they develop a larger EU business, then they'll comply.
Further, how do you force compliance on a US clothing shop from Florida, that sells 27 items per year into the EU, and violates GDPR (while having zero presence in the EU)? They can't, unless the EU develops a Chinese firewall.
The extremely majority of small businesses in India and China also do not do business with the EU. They will not be worried about GDPR. That's true about nearly all the rest of the businesses around the globe.
