Is GDPR applicable on companies that operates outside Europe for example KSA but the company might server European citizens resides there
Assign topic to the user
Article 3 – Territorial scope – states in paragraph 2 that “This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to: (a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or (b) the monitoring of their behaviour as far as their behaviour takes place within the Union.” . So, if the company offers goods and services to people in the EU (actually positioned in the EU), GDPR applies to the company. If the company offers goods and services to people in non-EU countries, and the company is not in the EU, GDPR doesn’t apply to them (even if EU citizens reside in the services countries).
Please also consult these links:
- Article 3 GDPR – Territorial Scope https://advisera.com/eugdpracademy/gdpr/territorial-scope/
- What is the EU GDPR and why is it applicable to the whole world? https://advisera.com/eugdpracademy/knowledgebase/what-is-the-eu-gdpr-and-why-is-it-applicable-to-the-whole-world/
- Is the GDPR applicable to our company? https://advisera.com/eugdpracademy/knowledgebase/who-needs-to-be-gdpr-compliant-an-easy-explanation/
- Guidelines 05/2021 on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR https://edpb.europa.eu/our-work-tools/documents/public-consultations/2021/guidelines-052021-interplay-between-application_en
Comment as guest or Sign in
Sep 02, 2022