GDPR for non EU Countries

It’s not just Europe!

NOTE: The information included on this page is meant to guide you through the process of understanding GDPR and is not a substitute for legal advice. We advise everyone to seek their own legal opinion from a qualified lawyer. 

Does GDPR apply to non EU Countries?

Most likely yes. GDPR applies to any country dealing with personal data from the EU. For example, if you have a website that collects personal data in the EU, then yes GDPR applies to you. Your company is subject to the same law, and consequences of non-compliance.

This is also true for non-profits. It’s not just companies, but any organisation dealing with personal data in the EU.

This is known as Territorial Scope. Article 3 details this.

  1. This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not.
  2. This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:
    1. the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or
    2. the monitoring of their behaviour as far as their behaviour takes place within the Union.
  3. This Regulation applies to the processing of personal data by a controller not established in the Union, but in a place where Member State law applies by virtue of public international law.

Useful Links

https://gdpr.eu/companies-outside-of-europe/