I turned my short GDPR vignette about GDPR’s territorial scope into a cartoon. The GDPR applies not just to all EU organizations that process personal data. The GDPR also applies to non-EU established organizations that offer goods and services to EU citizens or that monitor behavior within the EU.
The GDPR thus has quite a long arm in its reach. Any organization, even those with no physical presence in the EU, can fall under the scope of the GDPR.
* * * *
This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy and data security training. He also posts at his blog at LinkedIn, which has more than 1 million followers.