GDPR: Who is affected ?

8 february 2021

GDPR: Who is affected ?

By Clément Avenel - CEO @Colibri DPO

Two types of people are affected by the General Data Protection Regulation. Individuals, who enjoy certain rights under the GDPR and legal persons, who have duties.

Enjeux du RGPD

Individuals

The main objective of GDPR compliance is to improve the protection of our personal data, and therefore by extension, the protection of natural persons. Since the GDPR is a European law, its scope primarily covers European citizens.

However, we observe that a significant benefit of the GDPR can be brought to non-EU citizens, because the companies concerned better secure personal data and sometimes give them the possibility of exercising the same rights as European citizens.

  • European citizens

    Real law of ethics and hygiene of the practices related to personal data, the RGPD allows to give back the power to their owners: We, European citizens! Indeed, European citizens benefit from rights which they can exercise (Articles 15, 16, 17, 18, 20 and 21 of the RGPD), satisfied thanks to the various RGPD compliance processes of companies, ensuring the proper use of their personal data.

Regarding the obligation of compliance with the GDPR of a legal person, 2 criteria make it possible to identify the companies concerned:

  • Companies established in the territory of the European Union

    The GDPR concerns all companies established in the territory of the European Union, processing personal data. This applies, regardless of the size of the company, its turnover, or its activity.

    Company subcontractors, who process personal data for which the company is responsible, are also subject to the GDPR, even if these subcontractors are not located in European territory.

    Indeed, the GDPR establishes a principle of co-responsibility between the data controller (the company) and its subcontractors, concerning personal data, to which service providers have access.

  • Companies that directly target European residents

    The GDPR has an extraterritorial scope. Companies located outside the European Union that directly target consumers located in the EU are also affected. Whether the offer concerns goods or services, the GDPR applies to the processing of the data of these consumers.

    These companies must designate a representative in the European Union, in order to facilitate relations between the European authorities for the protection of personal data and foreign companies subject to the GDPR.

Conclusion


Easily manage your GDPR compliance

Book a demo