Extraterritorial applicability of laws like the EU General Data Protection Regulation is very complex and lays out challenges for privacy pros. Outside the European Union, it applies when an organization’s data processing activities relate to offering goods or services to — or monitoring the behavior of — EU data subjects in the EU. But what does that mean in practice? To help answer this difficult question, check out the break out session, “The Long Arm of the GDPR – The Who, What and Where for Non-European Companies,” which was programmed by the IAPP’s Privacy Bar Section Advisory Board. In the meantime, dive into this recent Privacy Advisor article on territorial scope, written by Publications Advisory Board member Gary Weingarden, CIPP/A, CIPP/C, CIPP/E, CIPP/G, CIPP/US, CIPM, CIPT, FIP, PLS.
If you want to comment on this post, you need to login.