Businesses outside the EU…

The General Data Protection Regulation (GDPR) is a single EU law intended to harmonise the current data protection laws within the European Union (EU). It is scheduled to come into force in 2016. The proposed GDPR will apply to certain businesses outside the EU that process personal data. A non-EU establishment will be subject to the proposed law if it:

  • Offers goods and services to EU data subjects (whether for free or at an expense), or
  • Supervises the behaviour of EU data subjects.

Businesses outside the EU that were not subject to the Data Protection Directive (DPD) will need to seek legal advice on whether any of their subsidiaries will be caught under the GDPR. Online businesses with EU customers are examples of entities that may be required to follow the proposed regulation. Any establishment that is subject to the GDPR is advised to review and enforce strict data compliance measures. Businesses should also expect their compliance costs to increase.