Not only do people move all around the world using different kinds of services and apps and leaving their data in numerous places, but even while sitting at home and surfing the internet they exchange a lot of information worldwide. So the question is: does everybody need to be GDPR compliant?
GDPR will apply to you if:
1. Your company is established in the EU – GDPR is an EU regulation and applies to all businesses operating in the EU
2. Your company is established outside the EU, but it offers goods/services (paid or for free) to, or monitors the behavior of, individuals in the EU
3. You collect such information, process it or use it in any other way
4. One or more of your employees are EU citizens
5. You collect and process data on behalf of third parties
GDPR doesn’t apply if:
1. Your organization is outside the Union and offers goods or services to, or tracks the behavior of, an individual who is NOT physically in the Union
2. A natural person processes personal data in the course of a purely personal or household activity and thus with no connection to a professional or commercial activity.
Generally, there is ongoing discussion regarding non-compliance with GDPR, and court decisions are expected to resolve some doubts.
An example of a tricky situation would be:
If an EU citizen orders a product/service to be delivered in a non-EU country, it is beyond the jurisdiction of the GDPR. But if you asked for his/her email address and want to send newsletters, then GDPR will apply once the person goes back to the EU.