EDPB, Guidelines 3/2018, 16 November 2018

European Data Protection Board: Guidelines on Territorial Scope of GDPR

On 16 November 2018, the European Data Protection Board (EDPB) adopted its Guideline 3/2018 on the territorial scope of the GDPR (Article 3). The Guidelines seek to help provide a common interpretation of the territorial scope of the GDPR and further clarification on the application of the GDPR in various standard situations, in particular where the data controller or processor is established outside of the EU, including on the designation of a representative.

Guiding Principles

Through a common interpretation by data protection authorities in the EU, these guidelines seek to ensure a consistent application of the GDPR when assessing whether particular processing by a controller or a processor falls within the scope of the new EU legal framework:

  • Common Interpretation:
    The Guidelines set out and clarify the criteria for determining the application of the territorial scope of the GDPR because a common interpretation is essential for controllers and processors, both within and outside the EU, so that they may assess whether they need to comply with the GDPR.

  • Representatives in the EU:
    The Guidelines provide clarification on the process for the designation of a representative under Article 27 and its responsibilities and obligations.

  • Typcal Processing Scenarios:
    The Guidelines specify the various scenarios that may arise, depending on the type of processing activities, the entity carrying out these processing activities or the location of such entities, and detail the provisions applicable to each situation.

Consequence

It is essential that controllers and processors, especially those offering goods and services at international level, do undertake a careful and in concreto assessment of their processing activities, in order to determine whether the related processing of personal data falls under the scope of the GDPR.

EDPB, Guidelines 3/2018 on the territorial scope of the GDPR (Article 3), adopted on 16 November 2018

Verlag Dr. Otto Schmidt vom 06.12.2018 15:18

zurück zur vorherigen Seite