Ebony wrote:The GDPR applies to:
1) a company or entity which processes personal data as part of the activities of one of its branches established in the EU, regardless of where the data is processed; or
2) a company established outside the EU offering goods/services (paid or for free) or monitoring the behaviour of individuals in the EU.
So MDA should care about the international law of their customers. They actually don't have a privacy policy at hand. So it's kind of hard. I don't know who's their data protection officer and who's responsible for the processing.
1. MDA/Hauptwerk is based in the US. It has no "branches established in the EU".
2. I'm not a lawyer, but I fail to see how or why EU law ever could, or should, apply to any country or body outside the EU, however much one might wish it were different.
Wikipedia says:
The Telemediengesetz (German meaning "Telemedia Act") requires that German websites disclose information about the publisher, including their name and address, telephone number or e-mail address, trade registry number, VAT number, and other information depending on the type of company. German websites are defined as being published by individuals or organisations that are based in Germany, so an Impressum is required regardless of whether a site is in the .de domain.
And: There is no equivalent legislation in the United States.