While current EU legislation (the 1995 Data Protection Directive) governs entities within the European Union, the territorial scope of the GDPR is much broader, in the sense that it will also apply to companies established outside the EU which
a) sell their products to EU residents; or
b) monitor the behaviour of individuals in the EU.
In other words, even if you are based outside the EU, from the moment you control or process data from EU citizens, you are affected by GDPR.
As all companies are different and the GDPR follows a risk-based approach to data protection, companies need to evaluate their own data collection and storage practices. They must also seek legal advice to ensure that their business practices comply with the GDPR.
Was this article helpful?
Cancel
Thank you!