GDPR’s Extra Territorial Scope – what it means for you

We know that the new General Data Protection Regulation (GDPR) legislation that became enforceable late last month applies to companies that are based or do business in the European Union, but what does this new legislation mean for those of us outside the EU?

Some of you might be tempted to skip this post now because you’re not in the EU.  You could be mistakenly thinking this doesn’t apply to you. You couldn’t be more wrong.

The GDPR legislation uses the term "increased territorial scope", which means that it applies to companies both inside and outside the EU.

If your business collects any form of personal data from an EU citizen, whether they are presently living in the EU or not, then you are not only required to comply with GDPR, you are also subject to its 20 million Euro penalties for non-compliance.

Personal data could include information collected during a transaction in an online store, or even analytics data describing their online behaviour if it takes place in the EU.

The actual wording of Article 3 of the GDPR confirms its applicability to any ‘data subject’ in the EU. This means a person of any citizenship living in the EU; their nationality does not matter. This legislation aims to protect all personal data of anyone in the EU, even those people visiting.

If you are a business with a target market in the EU, then the GDPR applies to your business.

So if a business is trying to target its goods and services for sale within the EU, it will be caught by GDPR.

Research conducted in the UK showed that many businesses failed to understand this reach of GDPR, and many are not yet ready despite the compliance date passing. It was expected that only 38% of businesses would be ready in time. This figure is worse overseas, and many businesses remain non-compliant as of May 25, 2018.

So you might be wondering: how can this be enforced? If your business is based outside the EU and you were targeted because you did not meet the GDPR requirements, then at the moment the process for serving formal enforcement is unclear. Conceivably, however, they could use a court injunction, block an online service, or seize goods at the border.

Many organisations don’t know whether they hold data on EU customers, but it’s probably time to check whether you might need to take action on GDPR.
