Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.


Status message

Start your free, no obligation 5-day trial to continue exploring with full access.

Understanding the territorial scope of the GDPR

Jaclyn Jaeger | January 10, 2019

Companies outside the European Union now have some much-needed guidance on the territorial scope of the EU’s General Data Protection Regulation to determine whether they are directly subject to the GDPR’s stringent data-privacy protection requirements.

On Nov. 23, 2018, the European Data Protection Board (EDPB)—the European Commission body tasked with ensuring that the GDPR is applied consistently across the EU—released the first official guidance on how the GDPR will be applied in practice. Although still in draft form, the guidelines provide important insight on how the regulation applies to companies and activities outside the European Union.

Since taking effect in May 2018, the GDPR has left many companies flummoxed. “The GDPR’s territorial scope of application has become one of the most difficult issues to pin down,” Eduardo Ustaran, a partner in the global Privacy and Cybersecurity practice of Hogan Lovells, wrote in a...

Read this single article for $49, or click the subscribe button below to review subscription options.

Enjoy unlimited access to thousands of articles, browse five years of digital magazines, qualify for reduced admission to events, and more.