EU GDPR or DSGVO for companies outside the EU?
- by: Shaleen Wohrnitz
The answer is yes! The geographic scope of this Regulation is wide.
The bottom line is that if your company collects the personal information of an individual customer, client, staff member or supplier who is an EU citizen, then you have to take the relevant steps to secure that information and ensure that person’s awareness and consent.
According to an article on Forbes.com, Article 3 of the GDPR says that if you collect personal data or behavioral information from someone in an EU country, your company is subject to the requirements of the GDPR.
Two points of clarification:
First, the law only applies if the data subjects, as the GDPR refers to consumers, are in the EU when the data is collected. This makes sense: EU laws apply in the EU. For EU citizens outside the EU when the data is collected, the GDPR would not apply.
The second point is that a financial transaction doesn’t have to take place for the extended scope of the law to kick in. If the organization just collects “personal data” – known in the U.S. as personally identifiable information (PII) – as part of a marketing survey, then the data would have to be protected GDPR-style.
The best advice for companies is to do their homework, look over the compliance checklists, update their website with all the relevant points and ensure that their overall security is sufficient.