Is GDPR for Europe only?

GDPR stands for General Data Protection Regulation and this law came into effect in May 25, 2018 in EU.  It’s the core of Europe’s digital privacy legislation. The main purpose of this law is to protect the data of EU residents and a company that comes under GDPR has to provide security, confidentiality and integrity to EU resident’s data which they process. 

This rule gives European Union residents more control over their personal data. Today we live in a world where we share our personal details everywhere, such as in social media, banks, retailers, with government and every service we use involves the collection and analysis of our personal data.  These organizations store data like your name, address, credit card number, and other. It also binds organizations to strict new rules about using and securing the personal data they collect from people. To give privacy to your personal data and your control over it, EU brought GDPR. If any company or organization does not comply with GDPR regulations then they can be penalized with 4% of their global annual revenue or €20 million, whichever is higher.

IS GDPR only for Europe?

Though GDPR was brought in EU to protect the data of EU residents, it does apply to the organizations that are based in EU and outside EU. All the organizations that process and have access to EU resident’s data have to comply with GDPR even if the company is located outside EU. 

Article 3.1 states that the GDPR applies to companies that are based in the European Union even if the data are being stored or used outside of the EU.

 Article 3.2 states that companies that are not located in European Union also have to comply with GDPR if two conditions are met: if they offer goods or services to residents in the EU, or if companies monitors individual’s online behavior. 

When does the GDPR apply outside Europe?

As stated above there are two conditions under which non EU companies might have to comply with GDPR. Let us discuss more about them.

Offering goods or services

This simply means that if your organization is based outside EU but offer services to EU customers through a website that cater to EU customers, then you should strive to be GDPR compliant.

Monitoring their behavior

If your organization monitors the online behavior of EU customers then you have to comply with GDPR. Example, if an organization uses web tools that allow you to track cookies or the IP addresses of people who visit your website from EU countries, then your organization has to comply with GDPR.