My understanding was that GDPR requirements apply to all citizens of the EU regardless of where the company is located. Someone else can chime in if that's not accurate!
That's wrong. According to EU, GDPR applies to EU residents and the companies need to protect EU resident privacy no matter which country they hail from.
GDPR actually applies to all EU citizen data, regardless of where the citizen resides.
"If your enterprise has a presence on the internet in the form of a website and if your enterprise collects personal data from customers regardless of where those customers are located, it is subject to the provisions of the GDPR." [1]
GDPR applies to (i) people in the EU regardless of where the the company is or (ii) companies in the EU irrespective if the data comes from someone outside the EU
The GDPR relies on international treaties to make the location of the business irrelevant. Any company processing data of EU citizens must comply IIRC.
Depends. Do they have EU citizens in their database? GDPR is an EU law that applies to EU citizens around the world, including the US. If you are a non-EU citizen, you can't claim GDPR of course. If you are an EU citizen, you can claim GDPR regardless of the residence of the company AFAIK.
Enforcement of GDPR is a different matter. I am not sure whom I'd complain to, other than my representative in the European parliament. I could probably sue them though, if I found my data there and they refused to comply with my GDPR request.
That's not correct. As soon as you want to do business with someone currently located in the EU (doesn't even have to be an EU citizen), GDPR applies, no matter where your company is located.
The GDPR applies to the data of people residing in the EU. The location and profitability of the organization collecting the data isn’t a factor. (Though it may introduce questions of enforcement.)
reply