Non-EU firms unaware of GDPR compliance

Author: Olly Jackson | Published: 16 Mar 2018

The General Data Protection Regulation (GDPR) will create a global network of EU data protection, sending a strong message that EU data must be protected around the world. Non-EU firms using servers or relying on employees in the EU for data handling, firms processing personal data to offer goods or services to EU citizens and those monitoring behaviour in the EU all must comply with GDPR. But the extent of their obligations is unclear.

GDPR is by far the most comprehensive framework for data protection and the widest, given its extraterritorial effect. It remains to be seen how strict the EU will be in enforcing the regulation but a case from four years ago offers some clues. The so-called Google Spain decision determined that Google’s data processing was subject to Spanish law because it 'orientates its activity towards the inhabitants of the member state,’ and activities of Google US and Google Spain were 'inextricably linked’. This,...



close Register today to read IFLR's global coverage

Get unlimited access to for 7 days*, including the latest regulatory developments in the global financial sector, updated daily.

  • Deal Analysis
  • Expert Opinion
  • Best Practice


*all IFLR's global coverage published in the last 3 months.

Read IFLR's global coverage whenever and wherever you want for 7 days with IFLR mobile app for iPad and iPhone

"The format of the Review has changed over the years; the high quality of its substantive content has not."
Lee C Buchheit, Cleary Gottlieb