Hey,
So if we are a non-EU based organization and offer products/services (not SAAS) to a few EU based companies (not all customers in EU) would GDPR apply to us ?
Especially if we maintain EU-customer information like email, address and phone number ?
Assign topic to the user
EU GDPR DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
EU GDPR DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
EU GDPR DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
Can you please elaborate how are we acting as a processor ? We are not collecting customer data based on any controller instructions, we have their data because they take subscriptions of our products/services. The only data we retain are email id, phonenumbers and physical addresses.
If you're not GDPR compliant I belive you're out of scope for many EU-based organisation. Many organisation would/could not concider start doing business with you.
So if we are a non-EU based organization and offer products/services (not SAAS) to a few EU based companies (not all customers in EU) would GDPR apply to us ?
Especially if we maintain EU-customer information like email, address and phone number? We are not collecting customer data based on any controller instructions, we have their data because they take subscriptions of our products/services. The only data we retain are email id, phonenumbers and physical addresses.
Article 3 GDPR - Territorial scope states the following: “This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to: (a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union”. So in this case GDPR applies to you.
Many US-based companies find GDPR compliance a little difficult to handle. Advisera's EU GDPR Documentation Toolkit can help you comply with GDPR as a U.S. company - it has all the necessary documents for controllers and processors, as well as support from our GDPR experts.
Please also visit these links:
- Article 3 GDPR – Territorial Scope: https://advisera.com/eugdpracademy/gdpr/territorial-scope/
- Is the GDPR applicable to our company? https://advisera.com/eugdpracademy/knowledgebase/who-needs-to-be-gdpr-compliant-an-easy-explanation/
- EU GDPR DOCUMENTATION TOOLKIT: https://advisera.com/eugdpracademy/eu-gdpr-documentation-toolkit/
Comment as guest or Sign in
May 18, 2022