left-svg
Bonus expert support worth 500 EUR
with the EU GDPR Documentation Toolkit
Limited-time offer – ends June 30, 2022.
right-svg

Expert Advice Community

Guest

GDPR applicability

  Quote
Guest
simmal Created:   May 11, 2022 Last commented:   May 18, 2022

GDPR applicability

Hey, 

So if we are a non-EU based organization and offer products/services (not SAAS) to a few  EU based companies  (not all customers in EU) would GDPR apply to us ? 

Especially if we maintain EU-customer information like email, address and phone number ? 

0 0

Assign topic to the user

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Dr Phage May 11, 2022

Sounds like you are a Data Processor under GDPR and do have obligations

Quote
0 0
Guest
simmal May 11, 2022

Can you please elaborate how are we acting as a processor ? We are not collecting customer data based on any controller instructions, we have their data because they take subscriptions of our products/services. The only data we retain are email id, phonenumbers and physical addresses. 

Quote
0 0
radsec May 13, 2022

If you're not GDPR compliant I belive you're out of scope for many EU-based organisation. Many organisation would/could not concider start doing business with you.

Quote
0 0
Expert
Tudor Galos May 18, 2022
So if we are a non-EU based organization and offer products/services (not SAAS) to a few EU based companies (not all customers in EU) would GDPR apply to us ? Especially if we maintain EU-customer information like email, address and phone number? We are not collecting customer data based on any controller instructions, we have their data because they take subscriptions of our products/services. The only data we retain are email id, phonenumbers and physical addresses.

Article 3 GDPR - Territorial scope states the following: “This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to: (a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union”. So in this case GDPR applies to you.

Many US-based companies find GDPR compliance a little difficult to handle. Advisera's EU GDPR Documentation Toolkit can help you comply with GDPR as a U.S. company - it has all the necessary documents for controllers and processors, as well as support from our GDPR experts.

Please also visit these links:

Tudor Galos
Quote
0 1

Comment as guest or Sign in

HTML tags are not allowed

May 11, 2022

May 18, 2022

Suggested Topics

Guest user Created:   Mar 09, 2021 EU GDPR
Replies: 1
0 0

GDPR Applicability in Canada

Guest user Created:   Mar 31, 2020 EU GDPR
Replies: 1
0 0

GDPR applicability in the UK

Guest user Created:   Nov 14, 2019 EU GDPR
Replies: 1
0 0

GDPR applicability