GDPR for non EU Countries
It’s not just Europe!
NOTE: The information included on this page is meant to guide you through the process of understanding GDPR and is not a substitute for legal advice. We advise everyone to seek their own legal opinion from a qualified lawyer.
Does GDPR apply to non EU Countries?
Most likely yes. GDPR applies to any country dealing with personal data from the EU. For example, if you have a website that collects personal data in the EU, then yes GDPR applies to you. Your company is subject to the same law, and consequences of non-compliance.
This is also true for non-profits. It’s not just companies, but any organisation dealing with personal data in the EU.
This is known as Territorial Scope. Article 3 details this.
- This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not.
- This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:
- the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or
- the monitoring of their behaviour as far as their behaviour takes place within the Union.
- This Regulation applies to the processing of personal data by a controller not established in the Union, but in a place where Member State law applies by virtue of public international law.