In part one of conundrums related to the GDPR applicability regime, I discussed how the applicability regime of the GDPR affects controllers and concluded that the scope provisions in the German and U.K. implementation laws are too broad and lead to unnecessary accumulation of the national laws of the member states. The draft U.K. implementation law, however, also seems to apply to non-EU processors providing B2B services to companies, if such companies (i) are established in the U.K. or (ii) are not established in the U.K., but offer services or goods to or monitor behavior of individuals in the EU.
|Place of Publication||https://iapp.org|
|Media of output||Online|
|Publication status||Published - 6 Feb 2018|