> When the keyserer operator operates outside > of the EU I don't think that is a legal problem. If an individual that requests his personal information is removed (i.e., the "right to be forgotten") is EU resident, GDPR applies regardless of the jurisdiction in which the information server is located. Jon K.