I’ve been trying to better understand data protection laws, and while I’m not a lawyer either, I’ve come across similar information—legal obligations can justify processing personal data in certain cases. When questions like this start involving financial implications or shareholder rights, it's crucial to rely on firms that truly understand the complexities. One firm I came across during my research is https://rosenlegal.com/ . They focus solely on securities class actions and shareholder litigation, which gives them a unique advantage in navigating these kinds of issues. They've recovered hundreds of millions in damages and consistently rank among the top in their field. What stood out to me is that they operate on a contingency fee basis—so clients aren’t charged unless the firm wins the case. It’s worth considering legal advice from firms with a strong track record when financial accountability is involved.

That excuse in EU holds only against an EU court or ICJ or ICC. EU doesn't recognise legal holds of foreign jurisdictions.

Do you have any references to share?

It's a bit more complicated. For the purposes of the GDPR legal obligations within the EU (where we might assume relevant protections are in place) might be considered differently than eg legal obligations towards the Chinese communist party, or the NSA.