Non-EU firms unaware of GDPR compliance

Author: Olly Jackson | Published: 16 Mar 2018

The General Data Protection Regulation (GDPR) will create a global network of EU data protection, sending a strong message that EU data must be protected around the world. Non-EU firms using servers or relying on employees in the EU for data handling, firms processing personal data to offer goods or services to EU citizens and those monitoring behaviour in the EU all must comply with GDPR. But the extent of their obligations is unclear.

GDPR is by far the most comprehensive framework for data protection and the widest, given its extraterritorial effect. It remains to be seen how strict the EU will be in enforcing the regulation but a case from four years ago offers some clues. The so-called Google Spain decision determined that Google’s data processing was subject to Spanish law because it 'orientates its activity towards the inhabitants of the member state,’ and activities of Google US and Google Spain were 'inextricably linked’. This,...