Welcome! Here you can read the full GDPR text (only in English).
Article 3 GDPR
Territorial scope
1. This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not.
2. This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:
(a) | the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or |
(b) | the monitoring of their behaviour as far as their behaviour takes place within the Union. |
3. This Regulation applies to the processing of personal data by a controller not established in the Union, but in a place where Member State law applies by virtue of public international law.
Suitable recitals
- Recital 22: Processing by an Establishment
- Recital 23: Applicable to Controllers/Processors Not Established in the Union if Data Subjects Within the Union are Targeted
- Recital 24: Applicable to Controllers/Processors Not Established in the Union if Data Subjects Within the Union are Profiled
- Recital 25: Applicable to Controllers Due to International Law
We teach companies and their employees about the EU General Data Protection Regulation (GDPR). It is an EU regulation that all companies within the EU/EEA must comply with. GDPR is also applicable to companies registered outside of the EU/EEA, if they process personal data that belongs to individuals within the EU/EEA.