What is the scope of the GDPR?
The scope of the GDPR is often its most debated and confusing element. There have been many posts asking for clarification of who a data subject is and what the territorial scope of the GDPR is. This is my attempt at explaining the scope of the GDPR in a pictorial way.
Author: Moyn Uddin (GDPR-P, CISSP, CISA, CISM, CRISC, ISO27001 LA, TOGAF) is a certified GDPR and cybersecurity practitioner. He is also the co-author of RESILIA – Cyber Resilience Best Practices from AXELOS, published in 2014, and the author of the accompanying Pocketbook. He is also the lead author of the Cyber Resilience Best Practices training course for ITpreneurs.
LinkedIn: www.dhirubhai.net/in/moynuddin
If you need any assistance with any aspect of GDPR implementation or cybersecurity, please contact us.
Visit us at www.cybercounsel.co.uk and see how we can help you with privacy and security.
Security Advisor
6 years ago
As mentioned in a message to you: what if the processor is EU based and does processing in the EU for non-EU citizens residing outside the EU, or EEA better.
Management Consultant
6 years ago
Great article. Thanks for sharing. I just have one question regarding your article https://cybercounsel.co.uk/data-subjects/

In the article section 'Who is an EU Citizen?' you have written:

---------------------------
The GDPR defines its scope to only EU Citizens: “The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.” – www.eugdpr.org
---------------------------

I think it is a bit misleading as EUGDPR.org is not an official EU Commission or Government resource, as they disclaim on the website, and I have not seen such words in the actual regulation or EUROPA.EU, hence GDPR did NOT define its scope to only EU citizens. Thanks again and please kindly advise if I have misinterpreted anything in the article?
Leadership and Keynote Speaker and member of the Data Science Research Centre at University of Derby
6 years ago
So, for clarity, if I am in hospital, as an EU citizen, in Bali, does GDPR provide any recourse or have any impact, if the hospital, through carelessness or otherwise, loses my data in a major hack event?
Global Head of Cybersecurity Operations - A Highly Experienced Cyber Security, Data Protection, (GDPR, UKDPA), and Privacy Professional Helping Organisations Become Resilient & Compliant
7 years ago
Robert Madge, I have updated the diagram and will repost a new article with information I have come across, which provides clarity on Art 3.1.
Global Head of Cybersecurity Operations - A Highly Experienced Cyber Security, Data Protection, (GDPR, UKDPA), and Privacy Professional Helping Organisations Become Resilient & Compliant
7 years ago
Brian Hopla CSC PGCSM MSyI, Carl Gottlieb