Who does GDPR apply to?

GDPR applies to most organizations that process the personal data of individuals residing in the European Union regardless of where they are established, and where the processing activities occur. The scope of the GDPR is broad and extraterritorial, meaning it can also apply to organisations outside of the EU.

Article 3 of GDPR mentions its territorial scope. It applies to any organization that is:

Established in the EU and processes personal data of EU citizens or residents.
Not established in the EU but offer products or services or monitor individuals in the EU.

Offering products or services means that even if you are not conducting any commercial activity, your business intent to target EU residents will be considered.

Monitoring behaviour would include activities that allow your business to track EU residents. For instance the use of tracking cookies or IP addresses.

Start your compliance right away

14-day free trialCancel anytime

Get started for free

View plans

Who does GDPR apply to?

See also

Start your compliance right away

Get Started

Products

Solutions

Resources

Free Tools

Compare

Company

PartnersJoin us!

Legal

Who does GDPR apply to?

Related articles

See also

Start your compliance right away