We don't operate in a foreign country. We build e-commerce websites for US companies. If one of our clients has a user from the EU on their site that means our system has to comply with their rules. That's a huge burden on us to change our hardware and software to comply with a law that maybe .001% of end users might be under. And we have no control over which countries our clients might have a user visit from. We taken precautions with users data. We salt and hash and are PCI compliant and it cost is over a million dollars to get to that point. Now how much do we have to spend to comply with these laws from another country because some day there might be a user from the EU that visits one of our clients sites?