cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 
Contributor I

GDPR Scope

Does GDPR apply to Non-EU data subjects (living outside the EU member countries) if the controller(Data Owner company) or processor (Cloud Service Provider )company based in the EU?

 

Regards

 

 

 

Mouli, CISSP
9 Replies
Newcomer II

Re: GDPR Scope

This is actually a quite interesting question, following this thread

Community Champion

Re: GDPR Scope

Personally I would never want someone that I didn't elect making laws "on my behalf".  Most likely they wouldn't have my best interests at heart because they didn't consult me.

 

 

Advocate I

Re: GDPR Scope


@iluom wrote:

Does GDPR apply to Non-EU data subjects (living outside the EU member countries) if the controller(Data Owner company) or processor (Cloud Service Provider )company based in the EU?

 

Regards

 

 

 


Yes, the GDPR would apply in your example.

 

This is covered under the first point in Article 3 of the General Provisions section of the GDPR:

 

https://gdpr-info.eu/art-3-gdpr/

 

"Article 3

 

Territorial scope

 

1. This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not."

 

Effectively it is saying that all EU based companies have to process ALL personal data in accordance with the GDPR.

 

Advocate I

Re: GDPR Scope


@Flyslinger2 wrote:

Personally I would never want someone that I didn't elect making laws "on my behalf".  Most likely they wouldn't have my best interests at heart because they didn't consult me.

 

 


This is one of the core arguments used by people who voted for Brexit.

 

Newcomer II

Re: GDPR Scope

I think the point here is that if you do business in a specific country, you will follow the rules of that country.

Contributor I

Re: GDPR Scope

If you happen to be an American, and with no intention to say something against America, but the data laws in place there, as well as the gvm'ts ability to access any data it wants at any time with the flip of a finger, should make you wish your data was stored in the EU or subject to EU regulations.

 

I, when considering where to store my corporate data, will never store it in the US, for that reason.

 

so you should be happy with what the EU does in privacy regards, even if it is a bit of a mishmash.

Contributor I

Re: GDPR Scope

I would change the words "you will" to "you are required".

This is even more true if you are discussing privacy issues.
Contributor I

Re: GDPR Scope

If ever you have any sort of doubt around whether GDPR is in scope or not, follow a simple rule:

 

If at any point a reference is made to the EU, an EU citizen or anything European, it is more or less certain that GDPR is applicable. 

 

Therefore, while looking at your task, if any single piece of it lands on EU soil, or citizen - Bingo - GDPR. 

 

Cheers

 

 

Highlighted
Contributor I

Re: GDPR Scope

Smiley Happy awesome!!!

Mouli, CISSP