On November 23, 2018, the European Data Protection Board (“EDPB”) published its long-awaited draft guidelines on the extraterritorial application of the EU General Data Protection Regulation (“GDPR”) (the “Guidelines”). To date, there has been a degree of uncertainty for organizations regarding the scope of the GDPR’s application outside of the EU. While the Guidelines provide some clarity on this issue, questions will remain for non-EU controllers and processors. Importantly, these Guidelines are only in draft form and are open for consultation until January 18, 2019, which will give organizations an opportunity to provide comments and raise additional questions in an effort to obtain further clarification from the EDPB on these important scoping questions.

Continue Reading EDPB Publishes Guidelines on Extraterritorial Application of the GDPR