The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA.
The GDPR applies to any company that processes the personal data of EU citizens, regardless of where the company is located. This means that if a company based outside the EU processes the personal data of EU citizens, it must still comply with the GDPR.
The GDPR also applies to companies that offer goods or services to EU citizens, even if the company is not based in the EU. For example, if a US-based company sells products online to customers in the EU, it must comply with the GDPR.
In summary, the GDPR applies to any company that processes the personal data of EU citizens, whether the company is based in the EU or not, as long as it offers goods or services to EU citizens.
So, if you are not located in the EU, you only need to comply with the GDPR when interacting with, marketing to, or selling to people in the EU.
What is the difference between the EU and the EEA?
The European Union (EU) is a political and economic union of 27 member states located primarily in Europe. The EU operates as a single market, allowing free movement of goods, services, people, and capital within the member states. It also has its own currency, the euro, which is used by 19 of the 27 member states.
The European Economic Area (EEA) is a single market comprising the EU member states and three of the European Free Trade Association (EFTA) countries: Iceland, Liechtenstein, and Norway. The EEA allows for the free movement of goods, services, people, and capital between the EU and the EFTA countries.
In short, the EU is a political and economic union of member states, while the EEA is a single market comprising the EU and some non-EU countries. The GDPR applies to both the EU and the EEA.