For many U.S. organizations, figuring out whether – and to what extent – Europe’s General Data Protection Regulation (“GDPR”) applies to your operations has caused a lot of headaches. Do you have an “establishment in the [European] Union”? Are you “offering…goods and services…to…data subjects in the Union”? Are you “monitoring” the behavior of data subjects in the Union? How will these terms be interpreted and enforced?