Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
iluom
Contributor II
‎03-27-2019 04:20 AM
‎03-27-2019 04:20 AM

GDPR Scope

Does GDPR apply to Non-EU data subjects (living outside the EU member countries) if the controller(Data Owner company) or processor (Cloud Service Provider )company based in the EU?

 

Regards

 

 

 

Chandra Mouli, CISSP, CCSP, CSSLP
Reply
9 Replies
Balby84
Newcomer II
‎03-27-2019 07:40 AM
‎03-27-2019 07:40 AM

This is actually a quite interesting question, following this thread

Reply
0 Kudos
Flyslinger2
Community Champion
‎03-27-2019 07:40 AM
‎03-27-2019 07:40 AM

Personally I would never want someone that I didn't elect making laws "on my behalf".  Most likely they wouldn't have my best interests at heart because they didn't consult me.

 

 

Reply
0 Kudos
AlecTrevelyan
Community Champion
‎03-27-2019 09:28 AM
‎03-27-2019 09:28 AM

@iluom wrote:

Does GDPR apply to Non-EU data subjects (living outside the EU member countries) if the controller(Data Owner company) or processor (Cloud Service Provider )company based in the EU?

 

Regards

 

 

 

Yes, the GDPR would apply in your example.

 

This is covered under the first point in Article 3 of the General Provisions section of the GDPR:

 

https://gdpr-info.eu/art-3-gdpr/

 

"Article 3

 

Territorial scope

 

1. This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not."

 

Effectively it is saying that all EU based companies have to process ALL personal data in accordance with the GDPR.

 

Reply
AlecTrevelyan
Community Champion
‎03-27-2019 09:29 AM
‎03-27-2019 09:29 AM

@Flyslinger2 wrote:

Personally I would never want someone that I didn't elect making laws "on my behalf".  Most likely they wouldn't have my best interests at heart because they didn't consult me.

 

 

This is one of the core arguments used by people who voted for Brexit.

 

Reply
Balby84
Newcomer II
‎03-27-2019 09:40 AM
‎03-27-2019 09:40 AM

I think the point here is that if you do business in a specific country, you will follow the rules of that country.

Reply
MikeGlassman
Contributor II
‎03-27-2019 10:19 AM
‎03-27-2019 10:19 AM

If you happen to be an American, and with no intention to say something against America, but the data laws in place there, as well as the gvm'ts ability to access any data it wants at any time with the flip of a finger, should make you wish your data was stored in the EU or subject to EU regulations.

 

I, when considering where to store my corporate data, will never store it in the US, for that reason.

 

so you should be happy with what the EU does in privacy regards, even if it is a bit of a mishmash.

Sincerely,

Mike Glassman, CISSP
Iguana man
Reply
MikeGlassman
Contributor II
‎03-27-2019 10:21 AM
‎03-27-2019 10:21 AM

I would change the words "you will" to "you are required".

This is even more true if you are discussing privacy issues.
Sincerely,

Mike Glassman, CISSP
Iguana man
Reply
HTCPCP-TEA
Contributor I
‎03-27-2019 12:01 PM
‎03-27-2019 12:01 PM

If ever you have any sort of doubt around whether GDPR is in scope or not, follow a simple rule:

 

If at any point a reference is made to the EU, an EU citizen or anything European, it is more or less certain that GDPR is applicable. 

 

Therefore, while looking at your task, if any single piece of it lands on EU soil, or citizen - Bingo - GDPR. 

 

Cheers

 

 

Reply
iluom
Contributor II
‎03-27-2019 12:13 PM
‎03-27-2019 12:13 PM

Smiley Happy awesome!!!

Chandra Mouli, CISSP, CCSP, CSSLP
Reply