Does GDPR apply to EU citizens only or all of Europe?


(Miroslav Glavić) #1

So does the GDPR and Cookie law only apply to EU Citizens within the EU like Germany, France, Croatia, Cyprus, etc… or does it apply as well to places like Russia, Ukraine, etc…?

I have quite a few sites and until I update the privacy policy, cookie policy, TOS and so forth. I want to have one standard page for all sites (so one common cookie policy for all sites, just change the URL/name of site).

I have a plugin that can redirect people from whatever country to another site. I have a blank site that will just redirect visitors from certain countries to something like sorryduetogdpr.com and explain. This from all those quite a few sites. Until I get things sorted on the pages.

Should I redirect only EU visitors like France, Italy, UK, Croatia or include Russia, Ukraine and so forth?


(Hudson Atwell) #2

From my studies with Codeable’s GDPR training program, it applies to any EU citizen no matter their location. When I take jobs from Codeable and the client is an EU citizen I have to honor GDPR. The rules I have to follow pertaining to GDPR come off less as rules and more as decent practice standards when handling another’s data. The only worrisome part is legal liability if I abuse GDPR requirements and some terrible data breach/theft/loss occurs while I am handling that client’s data.

Not a lawyer, and am a US resident. But in order for the EU’s legal arm to reach I imagine your native country has to decide to participate in the legal authority of the EU in order for the EU to fine you. I’ve not seen anything like this happen in the US or, say, Russia yet. I doubt Russia would permit the EU to have any legal sway over their citizens. It could be the same with the US too. This law was built with foreign corporations wanting to do business inside the EU in mind more than it is an attempt to exercise legal authority over small business owners in foreign lands. But I wouldn’t be surprised if this power was coveted by the EU.

In California they are developing similar standards in the spirit of GDPR. May have already passed.

About your redirection protocols, I am telling people it’s cheaper to work in minimal GDPR compliance into your site rather than wash your hands of business with the EU, and also blocking countries will not prevent you from non-compliance status. EU citizens in the US (or-any-non-EU-place) will still, in theory, have GDPR protection. That makes country blocking/redirecting an imperfect solution.