Article 3

Territorial Scope

Overview:

The article defines the territorial scope of GDPR. The article specifies the following:

  1. The regulation is applicable to data controllers and processors even if the processing activity is outside the EU, given the fact that the processing involves the personal data of EU citizens.
  2. The regulation is applicable to all data controllers and processors located outside the EU if the processing involves personal data of EU citizens.

Implementation Guidance

  1. Perform a data discovery exercise to identify whether personal data of EU citizens are involved in any processing activity.

Compliance Checklist

  1. Data Inventory

Examples and Use Cases

  1. An Ireland based online book store  processing the personal data of the EU citizens for fulfilling the orders and GDPR is applicable in this situation.
  2. A US based fashion retail company that does not have an office in the EU but processes the personal data of EU citizens for fulfilling the orders. GDPR is applicable in this case as the personal data of EU citizens is processed despite the fact whether the US company has an office in the EU or not.
Scroll to Top