The other method is to rearrange the business model to introduce shell SMEs or affiliates that pay licenses for subdomains (or what have you) to corporate and have very small actual roles aside from being the unregulated party.

The EU added restrictions related to the data itself to prevent outsourcing the liability in the case of GDPR, it will be interesting to see how well they can define and prevent structuring in this case.