The deadline to comply with the General Data Protection Regulation (GDPR) was 25 May 2018. The date has come and gone. People all over the world are rushing to comply and are working hard to implement the required controls. The big question is do you have to comply with it? Who does the GDPR apply to? What is the territorial scope of the GDPR?
Many people do not realise that this law has long tentacles and applies to many more organisations that they thought. It is the global gold standard for data protection. In some ways, Europe has exported their data protection laws to the rest of the world.
Who does the GDPR apply to?
In order to answer this question, you have to ask yourself five questions. If you answer yes to any of the following questions, you have to comply with the GDPR.
- Are we established in the Union?
- Do we offer goods or services to people in the EU?
- Do we monitor the behaviour of people in the EU?
- Are we a processor for a controller who must comply?
- Do we have a processor in the EU?
If you answered yes and you fall within the GDPR’s catchment area, you can find out how we can help you to comply. The risks are significant and there is no time to lose – the deadline is 25 May 2018.
Unfortunately, answering these questions can be harder than it appears. In order to find answers for our clients, we have done lots of research and reading about these questions and the issues that they raise. We know you’re busy but this is important. You need to know whether you have to comply or not. If not, you can afford to procrastinate. If you must comply, you have no time to lose and you need to take action fast.
We can help you find answers
- We can consult with you privately to go through the questions and determine whether or not your specific organisation has to comply.
- We can provide you with a legal opinion on whether or not your specific organisation must comply.
- From time to time we run free 30-minute webinars. We’ll empower you to answer these questions so that you have answers when the board or your boss asks you about the GDPR. John Giles, our managing attorney, usually facilitates the webinar and explains it simply and answers your questions. Often, a discussion is required which is why a webinar makes sense. Please note that this webinar is not a general overview of the GDPR – it is focussed on answering the key question of whether or not you need to comply. If you’d like to attend the next one, please subscribe to get our newsletter.