Some might find the topic concerning who is affected by GDPR, the EU's data privacy law, and where they are affected confusing, but here is how it works. If a user is in Europe and connects to a website or service outside Europe, that service has to provide the same privileges (information protection) and security as if operating from Europe, and therefore must comply with the new regulations that impose GDPR. Another example is the case of any non-European citizen, who is in EU territory and who connects to a website that he or she usually use when they are outside Europe. In this case, the site must comply with the new legislation, since GDPR applies to everyone who is in the EU at that time – not just its citizens. Therefore, if a company provides services in the EU or if its site has users from the EU, whether visitors to the EU or EU citizens, it is important that the company make sure it complies with GDPR.
Disclaimer: The information in this post is provided for general informational purposes only, and may not reflect the current law in your jurisdiction. No information contained in this post should be construed as legal advice from our firm or the individual author, nor is it intended to be a substitute for legal counsel on any subject matter. No reader of this post should act or refrain from acting on the basis of any information included in, or accessible through, this post without seeking the appropriate legal or other professional advice on the particular facts and circumstances at issue from a lawyer licensed in the recipient’s state, country or other appropriate licensing jurisdiction.