After all, no company wants to face the financial implications or the potential international trading issues and reputational damage that could result from non-compliance. All Rights Reserved.

This still holds true even when the person is a citizen of a non-EU country visiting Europe. Breach Notification — organizations must report certain types of data breaches to relevant authorities within 72 hours, unless the breach is considered harmless and poses no risk to individual data.

This post seems relevant for wordpress. The rules for transferring personal data outside of the EU are strict in order to ensure that every individual within the EU has the same rights and freedoms, no matter where their personal data is stored and processed.