Business Law Magazine

In May 25, 2018, the most important reform in EU data protection law in 20 years will enter into force. The General Data Protection Regulation (GDPR) will bring in wide- ranging new obligations. These changes are not only relevant to organizations that are established in the EU, but also to non-EU organizations, which means that all organizations must determine whether the GDPR applies to them.

Where does the GDPR apply?

The GDPR introduces two principles with regard to territorial applicability: establishment and marketplace rule. According to Article 3 of the GDPR, the new regulation applies:

If the processing of personal data takes place in the context of activities of an establishment of an organization in the EU, regardless of whether the processing takes place in the EU or not (“establishment rule”; Article 3(1) of the  GDPR).

To continue reading, please visit