The GDPR* applies when personal data is processed by a controller or processor based in the EU. It also applies to non-EU data controllers and processors that process personal data of EU data subjects where the processing is related to the offering of goods or services, irrespective of whether a payment by the data subject is required, or to the monitoring of their behaviour within the Union.
Accordingly, many non-EU jurisdictions are in the process of drafting or updating their data protection regulations, since a third country that is considered to offer an adequate level of protection can receive EU personal data freely, without the implementation of additional safeguards.
The above is highly desirable. It is worth mentioning that, albeit with incomplete data**, in the financial sector alone, according to the Bank for International Settlements, "Offshore Finance" is a very sizeable activity representing trillions of dollars in cross-border assets. Offshore finance is the provision of financial services by banks and other agents to non-residents; it can take the form of lending or borrowing money, or taking deposits and investing in financial markets elsewhere, or funds managed by financial institutions at the risk of the customer.
Imagine, then, how much personal data is processed in each transaction, and how many transactions a financial institution or other agents need to conclude per day.
Moreover, personal data is processed not only to conclude a financial transaction but also to comply with financial regulations, which may involve close supervision of the behaviour of traders and investors in the financial markets, control of risk-taking, protection of consumers, investors, and taxpayers against risky activities, directives on money laundering and terrorist financing, etc.
* Adopted EU legal act marked as EEA relevant by the EU and under scrutiny for incorporation into the EEA Agreement by Iceland, Liechtenstein, and Norway.
** Not all activities are captured in the statistics, such as off-balance-sheet or fiduciary activities, or activities carried out by International Business Companies or other intermediaries not associated with financial institutions.
This lawinfographic aims to show the advances in data protection legislation outside the EU, which are expected to be fully in force in the near future, some of them in 2018 together with the GDPR.
Each lawinfographic has a visual presentation and keywords that let you grasp the main topic at a glance. The articles may contain several examples taken from EU law, regulations, guidelines and opinions on the matter. If you require more information, do not hesitate to consult the lawinfographic sources below or reach me on LinkedIn.
Art. 3 of the GDPR. Also refer to Recitals 14, 15, 23, 24 and 25
Handbook on European Data Protection law, p. 18
IMF Background Paper, Part II, A and B
UK New Data Protection Bill
Bermuda Personal Protection Act (PIPA)
Brazil Personal Data Protection Bill