The General Data Protection Regulation (GDPR) does not just impact companies located in the European Economic Area (EEA). It has a “long-arm” provision which may subject foreign companies to its jurisdiction. There is a fair amount of uncertainty regarding how this provision may be applied. The European Data Protection Board (EDPB) has recently issued updated guidelines that shed some light on how national Supervisory Authorities are expected to interpret the extra-territorial reach of the GDPR (guidelines).^[1] This article focuses on one aspect of the guidelines that may negatively affect vendors located outside the EEA.
Continue Reading Non-EEA Based Vendors Caught by GDPR’s Long-Arm Provisions