Guest user Created: Jun 29, 2018 Last commented: Jun 29, 2018

GDPR/Terms and conditions

We are the booking software company. User register account on our side and different clients can make appointments (like airbnb for instance). We are a data controller for our users and data processor for clients of our users.

0 0

Assign topic to the user

Select user

Expert

Andrei Hanganu Jun 29, 2018

There are 2 issues:
1. Should we be GDPR compliant for users who have registered account with us and are not EU citizens ?
2. Should we be GDPR compliant for users who have registered account with us and are not EU citizens and don't serve EU clients?

Answer:

The key to understanding when EU GDPR is applicable is understanding the meaning of “in the Union.” The EU GDPR will only apply to personal data regarding individuals within the Union, while the nationality or habitual residence of those individuals is irrelevant. For example, a company based in the EU which is processing the data of Japanese individuals located in Japan will still need to comply with the EU GDPR. Consequently, the Japanese individuals will be benefiting from all rights according to the EU GDPR, even if these rights do not exist in their own nation’s laws.

When the data of EU citizens is processed outside of the EU by companies which are also outside the EU, then this is not considered to be “in the Union”. For example, the EU GDPR will not be applicable for a school which is based in the United States just because there is a possibility that one or several of its students would be EU citizens. In this case the processing does not take place “in the Union,” nor is the individual “in the Union”.

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jun 29, 2018

Expert Advice Community