Understanding Article 3 GDPR
Organizations established in the European Union
Article 3 GDPR deals with the territorial scope of the regulation.
Essentially, GDPR will apply to the processing of personal data by a data controller or processor established in the Europen Union regardless of whether or not the data processing actually occurred in Europe or not.
Organizations established outside of the European Union
What’s important to note with GDPR is that it will also apply to foreign organizations outside of the European Union provided they process personal data of individuals, or data subjects, located in Europe.
Companies offering goods or services to data subjects in Europe will be subject to GDPR.
Companies that monitor the behaviour of European data subjects will also be subject to GDPR.
Other territorial application of GDPR
GDPR will also apply to foreign organizations not located in the European Union if they operate in a place where the laws of any of the European Member country applies by virtue of the public international law.
Recitals applicable to Article 3 of GDPR
Recitals: 22, 23, 24, 25
GDPR Regulation article-by-article overview
Read our comprehensive overview of the GDPR Regulation, article by article, where we summarize each of the 99 articles contained in GDPR to give you a complete understanding of its content.
GDPR Text: Article 3 of GDPR and relevant recitals
GDPR Text Source: EUR-Lex
Official GDPR Text: General Data Protection Regulation
Official GDPR Title: REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), corrected by Corrigendum, OJL 127, 23.5.2018, p. 2 ((EU) 2016/679)