The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). The GDPR applies not only to EU data subjects but also to non-EU data subjects in certain circumstances.
Applying to Non-EU Data Subjects
The GDPR applies to the processing of personal data of non-EU data subjects by organizations established in the EU, regardless of whether the processing takes place within the EU or not. This means that if an EU-based organization processes the personal data of individuals located outside of the EU, it must still comply with the GDPR.
For example, if a company based in the EU processes the personal data of customers located in the United States, it must comply with the GDPR, even though the United States does not have a similar data protection framework.
Applying to Non-EU Organizations
The GDPR also applies to non-EU organizations if they offer goods or services to individuals within the EU or if they monitor the behavior of individuals within the EU. For example, if a company based in the United States operates an online store that sells products to individuals within the EU, it must comply with the GDPR when processing the personal data of its EU customers.
Conclusion
In conclusion, the GDPR applies not only to EU data subjects but also to non-EU data subjects in certain circumstances. EU-based organizations must comply with the GDPR when processing the personal data of non-EU data subjects, and non-EU organizations must comply with the GDPR if they offer goods or services to individuals within the EU or if they monitor the behavior of individuals within the EU.