When does the General Data Protection Regulation apply to companies outside the EU?

Until now, EU data protection law only applied to companies that had an establishment in the EU. The General Data Protection Regulation (GDPR) now deviates from this principle, which means that the new law potentially affects not only companies in the EU. The scope of the law also covers companies outside the EU under certain conditions. In particular, Swiss companies that are often active in the EU could be affected by the GDPR.

This cross-border applicability has led to uncertainty for many companies outside the EU.

Data protectionGuest author3 July 2019GDPR, Data Protection, International