First, I would recommend reviewing this terrific article on managing permissions. It is a very valuable best practice guide for new admins considering their security model:
One key takeaway from that article is: manage permissions at the Group and Project level, and not at the users, views, and workbook level.
So in your example, you could add your EMEA users to a group called EMEA, then create a separate project just for the EMEA team. Then you can grant access to that project only to the EMEA group, and publish views to the project that only they should see. You don't need to bother denying access to other groups as Tableau Online will err on the side of denying if you do not grant access.
If you want to grant access for all groups to a particular dashboard but still limit who can see what at the data level, you can publish views with User filters. Given your desire to "keep it as simple as possible", this might be too complex, though.