The deadline to comply with the General Data Protection Regulation (GDPR) was 25 May 2018. The date has come and gone. People all over the world are rushing to comply and are working hard to implement the required controls. The big question is: do you have to comply with it? Who does the GDPR apply to? What is the territorial scope of the GDPR?

Many people do not realise that this law has long tentacles and applies to many more organisations than they thought. In some ways, Europe has exported its data protection laws to the rest of the world.

Who does the GDPR apply to?

In order to answer this question, you have to ask yourself five questions. If you answer yes to any of the following questions, you have to comply with the GDPR.

  1. Are we established in the Union?
  2. Do we offer goods or services to people in the EU?
  3. Do we monitor the behaviour of people in the EU?

If you answered yes and you fall within the GDPR’s catchment area, you can find out how we can help you to comply. The risks are significant and there is no time to lose – the GDPR was implemented on 25 May 2018.

Unfortunately, answering these questions can be harder than it appears. In order to find answers for our clients, we have done lots of research and reading about these questions and the issues that they raise.

If you answered no to the questions, you might still need to comply with the GDPR in a controller-processor relationship. Two scenarios need to be looked at:

Scenario 1: You are a processor for a controller who must comply

In this case, you are not obliged by law to comply with the GDPR. However, your controller will probably contractually oblige you to comply (see Article 28 of the GDPR). It might be worthwhile to prepare your company for those obligations beforehand.

Scenario 2: You have a processor in the EU

You do not have to comply with the GDPR. The processor will need to comply with processor aspects of the GDPR, but this does not trigger the application of the GDPR to you.

We know you’re busy but this is important. You need to know whether you have to comply or not. If not, you can afford to procrastinate. If you must comply, you have no time to lose and you need to take action fast.

We can help you find answers

  • We can consult with you privately to go through the questions and determine whether or not your specific organisation has to comply.
  • We can provide you with a legal opinion on whether or not your specific organisation must comply.
  • From time to time we run free 30-minute webinars. We’ll empower you to answer these questions so that you have answers when the board or your boss asks you about the GDPR. John Giles, our managing attorney, usually facilitates the webinar, explains the issues simply and answers your questions. Often, a discussion is required, which is why a webinar makes sense. Please note that this webinar is not a general overview of the GDPR – it is focussed on answering the key question of whether or not you need to comply. If you’d like to attend the next one, please subscribe to get our newsletter.