Status of non-EU processors under Article 3(2) GDPR

A thorough analysis of clear things and grey zones of the EDPB Guidelines 3/2018 on territorial scope.

My attention was, in particular, drawn by a friendly reminder that a status of a non-EU processor is dual as per Article 3(2):

  • it is indirectly influenced by the GDPR if carries out processing on behalf of a EU controller (through the data processing agreement under Article 28 and Chapter V obligations);
  • It is directly caught by the GDPR if the respective processing activities carrying out on behalf of a controller meet the ‘targeting criterion’ in a sense of Articles 3(2)(a) and 3(2)(b).

More to read – see below.

Leave a Reply

Your email address will not be published.