This is where I think Business Insider is ultimately "wrong", yet it keeps stressing in all related articles how this will create huge bureaucracy.
From what I see in the ruling, it keeps stating "under the directive" (Data Protection Directive).
The current Directive, does indeed give national governments the right to decide how it's implemented. However, the new Directive (or regulation actually, meant to pass this year) will unify the directive for all countries. So I believe this "bureaucracy" issue, at least in regards to having to follow 27 different laws, will not be an issue anymore.
Even the current directive likely doesn't require satisfying all nations separately; since the various schemes are supposed to be compatible (i.e. conceptually safe harbor, though it's not called that, does apply within the EU), if a business hosted its data in one country and served others from there, they'd likely be safe.
There might be some bureaucracy to ensure that you really count as being hosted there (e.g. possibly ensuring that the parent company cannot access said data - which would be problematic for some companies), but AFAIK (IANAL) there's no legal distinction between EU and non-EU companies in this kind of rule.
From what I see in the ruling, it keeps stating "under the directive" (Data Protection Directive).
The current Directive, does indeed give national governments the right to decide how it's implemented. However, the new Directive (or regulation actually, meant to pass this year) will unify the directive for all countries. So I believe this "bureaucracy" issue, at least in regards to having to follow 27 different laws, will not be an issue anymore.