The GDPR* applies where personal data is processed by a controller or processor based in the EU. It also applies to non-EU data controllers and processors that process the personal data of EU data subjects, where the processing is related to the offering of goods or services (irrespective of whether payment by the data subject is required) or to the monitoring of their behaviour within the Union.
Accordingly, many non-EU jurisdictions are in the process of drafting or updating their data protection regulations, since a third country that is considered to offer an adequate level of protection can receive EU personal data freely, without the implementation of additional safeguards.
The above is highly desirable. It is worth mentioning that, even with incomplete data**, in the financial sector alone, according to the Bank for International Settlements, "offshore finance" is a very sizeable activity representing trillions of dollars in cross-border assets. Offshore finance is the provision of financial services by banks and other agents to non-residents; it can take the form of lending or borrowing money or taking deposits and investing in financial markets elsewhere or funds managed by financial institutions at the risk of the customer.
Imagine, then, how much personal data is processed in each transaction, and how many transactions a financial institution or other agent needs to conclude per day.
Moreover, personal data is processed not only to conclude a financial transaction but also to comply with financial regulations, which may involve close supervision of the behaviour of traders and investors in the financial markets, control of risk-taking, protection of consumers, investors, and taxpayers against risky activities, directives on money laundering and terrorist financing, etc.
* Adopted EU legal act marked as EEA relevant by the EU and under scrutiny for incorporation into the EEA Agreement by Iceland, Liechtenstein, and Norway.
** The data is incomplete because not all activities are captured in the statistics, such as off-balance-sheet or fiduciary activities, or activities carried out by International Business Companies or other intermediaries not associated with financial institutions.