The European Union's General Data Protection Regulation (“GDPR“) is an interesting piece of legislation for several reasons but especially due to its application to businesses not connected to the EU at all. The GDPR is designed to protect data belonging to EU citizens and residents and therefore applies to all organisations that handle EU citizens’ data, regardless of where they are based, i.e., it has an extra-territorial effect.
However, organisations in non-EU countries also have to apply and comply with their own national legislation covering data protection and privacy.
Nevertheless, the GDPR has had a strong influence on non-EU jurisdictions; in some countries this has been reflected through national legislation, and in others the local data protection regulators promote compliance with the GDPR in addition to the national systems. In yet others, however, differences between the national law and the GDPR remain in place.
Since some organisations have to comply with both national data privacy laws and the GDPR, we invite you to browse through the overview below for further information on the topic.
Although this resource may provide information concerning potential legal issues, it is not a substitute for legal advice from a qualified legal professional. This resource is not created nor designed to address the unique facts or circumstances that may arise in any specific legal issue. We welcome you to reach out to the relevant country contact for legal advice.