https://community.isc2.org/t5/Privacy/GDPR-Scope/m-p/20516#M748 <P>I think the point here is that if you do business in a specific country, you will follow the rules of that country.</P> Wed, 27 Mar 2019 13:40:05 GMT Balby84 2019-03-27T13:40:05Z https://community.isc2.org/t5/Privacy/GDPR-Scope/m-p/20504#M743 <P>Does GDPR apply to Non-EU data subjects (living outside the EU member countries) if the controller(Data Owner company) or processor (Cloud Service Provider )company based in the EU?</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 27 Mar 2019 08:20:59 GMT https://community.isc2.org/t5/Privacy/GDPR-Scope/m-p/20504#M743 iluom 2019-03-27T08:20:59Z https://community.isc2.org/t5/Privacy/GDPR-Scope/m-p/20507#M744 <P>This is actually a quite interesting question, following this thread</P> Wed, 27 Mar 2019 11:40:04 GMT https://community.isc2.org/t5/Privacy/GDPR-Scope/m-p/20507#M744 Balby84 2019-03-27T11:40:04Z https://community.isc2.org/t5/Privacy/GDPR-Scope/m-p/20508#M745 <P>Personally I would never want someone that I didn't elect making laws "on my behalf".&nbsp; Most likely they wouldn't have my best interests at heart because they didn't consult me.</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 27 Mar 2019 11:40:43 GMT https://community.isc2.org/t5/Privacy/GDPR-Scope/m-p/20508#M745 Flyslinger2 2019-03-27T11:40:43Z https://community.isc2.org/t5/Privacy/GDPR-Scope/m-p/20513#M746 <BLOCKQUOTE><HR /><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/637665353">@iluom</a>&nbsp;wrote:<BR /><P>Does GDPR apply to Non-EU data subjects (living outside the EU member countries) if the controller(Data Owner company) or processor (Cloud Service Provider )company based in the EU?</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><HR /></BLOCKQUOTE><P>Yes, the GDPR would apply in your example.</P><P>&nbsp;</P><P>This is covered under the first point in Article 3 of the General Provisions section of the GDPR:</P><P>&nbsp;</P><P><A href="https://gdpr-info.eu/art-3-gdpr/" target="_blank">https://gdpr-info.eu/art-3-gdpr/</A></P><P>&nbsp;</P><P><EM>"Article 3</EM></P><P>&nbsp;</P><P><EM>Territorial scope</EM></P><P>&nbsp;</P><P><EM>1. This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not."</EM></P><P>&nbsp;</P><P>Effectively it is saying that all EU based companies have to process ALL personal data in accordance with the GDPR.</P><P>&nbsp;</P> Wed, 27 Mar 2019 13:28:30 GMT https://community.isc2.org/t5/Privacy/GDPR-Scope/m-p/20513#M746 AlecTrevelyan 2019-03-27T13:28:30Z https://community.isc2.org/t5/Privacy/GDPR-Scope/m-p/20514#M747 <BLOCKQUOTE><HR /><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/297159657">@Flyslinger2</a>&nbsp;wrote:<BR /><P>Personally I would never want someone that I didn't elect making laws "on my behalf".&nbsp; Most likely they wouldn't have my best interests at heart because they didn't consult me.</P><P>&nbsp;</P><P>&nbsp;</P><HR /></BLOCKQUOTE><P>This is one of the core arguments used by people who voted for Brexit.</P><P>&nbsp;</P> Wed, 27 Mar 2019 13:29:27 GMT https://community.isc2.org/t5/Privacy/GDPR-Scope/m-p/20514#M747 AlecTrevelyan 2019-03-27T13:29:27Z https://community.isc2.org/t5/Privacy/GDPR-Scope/m-p/20516#M748 <P>I think the point here is that if you do business in a specific country, you will follow the rules of that country.</P> Wed, 27 Mar 2019 13:40:05 GMT https://community.isc2.org/t5/Privacy/GDPR-Scope/m-p/20516#M748 Balby84 2019-03-27T13:40:05Z https://community.isc2.org/t5/Privacy/GDPR-Scope/m-p/20520#M749 <P>If you happen to be an American, and with no intention to say something against America, but the data laws in place there, as well as the gvm'ts ability to access any data it wants at any time with the flip of a finger, should make you wish your data was stored in the EU or subject to EU regulations.</P><P>&nbsp;</P><P>I, when considering where to store my corporate data, will never store it in the US, for that reason.</P><P>&nbsp;</P><P>so you should be happy with what the EU does in privacy regards, even if it is a bit of a mishmash.</P> Wed, 27 Mar 2019 14:19:16 GMT https://community.isc2.org/t5/Privacy/GDPR-Scope/m-p/20520#M749 MikeGlassman 2019-03-27T14:19:16Z https://community.isc2.org/t5/Privacy/GDPR-Scope/m-p/20521#M750 I would change the words "you will" to "you are required".<BR /><BR />This is even more true if you are discussing privacy issues. Wed, 27 Mar 2019 14:21:39 GMT https://community.isc2.org/t5/Privacy/GDPR-Scope/m-p/20521#M750 MikeGlassman 2019-03-27T14:21:39Z https://community.isc2.org/t5/Privacy/GDPR-Scope/m-p/20530#M751 <P>If ever you have any sort of doubt around whether GDPR is in scope or not, follow a simple rule:</P><P>&nbsp;</P><P>If at any point a reference is made to the EU, an EU citizen or anything European, it is more or less certain that GDPR is applicable.&nbsp;</P><P>&nbsp;</P><P>Therefore, while looking at your task, if any single piece of it lands on EU soil, or citizen - Bingo - GDPR.&nbsp;</P><P>&nbsp;</P><P>Cheers</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 27 Mar 2019 16:01:58 GMT https://community.isc2.org/t5/Privacy/GDPR-Scope/m-p/20530#M751 HTCPCP-TEA 2019-03-27T16:01:58Z https://community.isc2.org/t5/Privacy/GDPR-Scope/m-p/20531#M752 <P><img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://community.isc2.org/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" /> awesome!!!</P> Wed, 27 Mar 2019 16:13:28 GMT https://community.isc2.org/t5/Privacy/GDPR-Scope/m-p/20531#M752 iluom 2019-03-27T16:13:28Z