The EDPB Guidelines 3/2018 recommends a threefold approach in determining whether or not personal data processing falls within the GDPR scope under Article 3(1): Does the controller or processor have an “establishment” in the EU? Example/ Does the controller or processor process personal data “in the context of the activities of” the establishment? Example/ Where does the processing take place? Example
Jessica Lam
Founder of LawInfographic, delivering trusted data to legal professionals.
Latest posts by Jessica Lam (see all)
- Processing Personal Data - March 30, 2021
- What is Privacy? - February 25, 2021
- What is Privacy Engineering? - January 14, 2021