Expert Advice Community

Guest

Applicable for GDPR?

  Quote
Guest
Bills Created:   Aug 01, 2019 Last commented:   Aug 02, 2019

Applicable for GDPR?

Hi I want to understand the applicability of GDPR for my organization. If I am an entity who is not in EU/Europe and say in the middle east and running a retail business in the gulf but I collect and process European citizen personal data as they are my customers. I collect, process and use their data in some business process/analytics to capture and see their shopping trends for business development. Am I applicable for GDPR? Should I be GDPR compliant? Please advise Thanks
0 0

Assign topic to the user

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Andrei Hanganu Aug 02, 2019
Answer:

Probably one of the most important changes, the GDPR will enjoy extended applicability affecting entities not established in the EU. Of course, some conditions must be met for the extraterritoriality to be applicable. The EU GDPR will apply to the processing of personal data of EU data subjects, regardless of whether the processing activities take place in the EU or not. The EU GDPR is also applicable to entities established outside the EU if they offer goods or services to individuals in the Union, or if they monitor the behavior of individuals in the Union (i.e., profiling activities, tracking individuals’ activities on the internet, etc.).

The key to understanding when EU GDPR is applicable is understanding the meaning of “in the Union.” The EU GDPR will only apply to personal data regarding individuals within the Union, while the nationality or habitual residence of those individuals is irrelevant. For example, a company based in the EU which is processing the data of Japanese individuals located in Japan will still need to comply with the EU GDPR. Conseque ntly, the Japanese individuals will be benefiting from all rights according to the EU GDPR, even if these rights do not exist in their own nation’s laws.

When the data of EU citizens is processed outside of the EU by companies which are also outside the EU, then this is not considered to be “in the Union”. For example, the EU GDPR will not be applicable for a school which is based in the United States just because there is a possibility that one or several of its students would be EU citizens. In this case, the processing does not take place “in the Union,” nor is the individual “in the Union”.

If you want to find out more about the extraterritorial reach of the EU GDPR check out this EU GDPR Foundations Course (https://training.advisera.com/se/eu-gdpr-foundations-course//).
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Aug 01, 2019

Aug 02, 2019

Suggested Topics

Guest user Created:   Oct 16, 2019 EU GDPR
Replies: 1
0 1

Questions regarding GDPR

Guest user Created:   Feb 17, 2021 EU GDPR
Replies: 1
0 0

Mobile app GDPR compliance