Jul 04, 2018
The European Union’s General Data Protection Regulation (GDPR) has a very wide scope, from definition of personal data, to what constitutes processing activities, to applicability for organizations worldwide. This note explores the GDPR’s territorial reach and how the European Data Protection Board could apply fines and sanctions. In particular, when is processing of European data subjects “in scope,” and how it applies to government agencies outside of Europe, such as municipalities, educational institutions, etc.