<iframe src="//www.googletagmanager.com/ns.html?id=GTM-5T7PGR" height="0" width="0" style="display:none;visibility:hidden">


Shedding some light on the territorial scope of the GDPR

Posted by on 26 November 2018

The European Data Protection Board (EDPB) following its fourth plenary session on November 16th of this year has published guidelines on the territorial scope of the General Data Protection Regulation (GDPR) for public consultation. The public consultation will be organised from 23 November 2018 to 18 January 2019.


Before the publication of these guidelines, much has been speculated and argued in and outside of the European Union (EU) regarding the effect of the GDPR and whether or not third countries would have to follow the rules set out in the Regulation. Nevertheless, many companies established in third countries dealing with the EU were unsure how to proceed. Although especially questions regarding enforcement actions and obligations in third countries remained unanswered, the bottom line drawn by most privacy professionals was that third-country controllers and processors with strong links to the EU should comply with the GDPR.

The newly published and long-awaited guidelines will now shed some light on the many questions asked by privacy professionals with regard to issues arising out of the GDPR. With the release of the guidelines, the EDPB in particular intends to clarify the territorial scope of the GDPR to ensure a common interpretation. While national enforcement in countries outside the EU remains a matter for those national laws, among other issues addressed, the guidelines do provide clarification on issues around:

  • the application of the establishment criterion in the context of controllers and processors established outside the EU;
  • the application of the targeting criterion in the context of controllers and processors established outside the EU;
  • the processing in a place where Member State law applies by virtue of public international law; and
  • the requirement for third country controllers or processors to designate an EU representative.

Click on the button below for the full text of the guidelines.



If you liked this article, you might be interested in reading about:

Checklist for a controller and processor agreement under the GDPR, by Nicola Benz and Ronald Kogens

Checklist Privacy Policy under the GDPR, by Nicola Benz and Cornelia Mattig

Simple in theory, complex in practice: the dual role as controller and processor under the General Data Protection Regulation, by Nicola Benz and Ronald Kogens 

Check for GDPR Compliance and receive a customised list of next steps for free, by Ronald Kogens and Nicola Benz


Photo by Mikael Kristenson on Unsplash

Topics: Data Protection

Name 13

Nicola Benz

Nicola Benz’s practice is focused on technology and life sciences transactions. She assists technology companies of all sizes, from start-ups to established players, as well as investors, suppliers and customers across a broad range of industries and sectors. Nicola Benz’s expertise covers outsourcing, licensing, joint ventures and collaborations and associated intellectual property issues. She also has considerable experience advising on all types of commercial contracts, competition and regulatory issues and data protection. Nicola Benz is recognised as a globally leading patent and technology licensing lawyer, as well as a leading practitioner in the field of intellectual property. Chambers Europe (2018) ranked her as leader in the fields of Intellectual Property and Life Science, and she was recommended in the 2018 edition of the Legal 500 EMEA for Intellectual Property as well as TMT matters. She has also been named as a thought leader for data law in the publication "Who's Who Legal 2018". Born in Scotland, Nicola obtained her law degree from the University of Edinburgh (LLB Hons) in 1997. She joined our firm as an associate in 2002 and became a partner in 2010. Since 2017 she has been the managing partner of our firm. Her working languages are English and German. Nicola is a member of the Zurich Bar Association, the International Trademark Association (INTA), the Licensing Executives Society (LES) and the International Technology Law Association (iTechLaw).

Connect with me:
Name 13

Cornelia Mattig

Cornelia Mattig specialises in data protection and intellectual property law, as well as corporate and commercial law issues. Cornelia Mattig joined Froriep as an associate in 2018. Before joining Froriep, Cornelia Mattig trained with firms in Ireland, Germany and Switzerland as well as at the District Court of March in the Canton of Schwyz. After she passed the Bar exam in the Canton of Schwyz, she worked as a notary public and lawyer in an accounting and auditing firm. She graduated from the University of Zurich with a Master of Law (Business Law) in 2014 before obtaining her LL.M. in European Law at Queen Mary University of London in 2017. She was admitted to the Bar in 2018. She also holds a Data Protection Officer Certificate from the University of Maastricht. Her working languages are German and English.

Connect with me: