| HN Mirror

Y	Hacker News new \| ask \| show \| jobs


	by tankenmate 2976 days ago
	What a large number of people fail to realise is that the GDPR applies to any person (natural or legal; a data controller and/or data processor) that holds personal data on a EU citizen or EU resident, regardless of where the data controller (or data processor) is. Obviously EU law can only be enforced in the EU but if you are a business then any funds in the EU that belong to the data controller can be frozen or used to pay court levied fines. Or if an infringing data controller travelled to the EU (or a country with an extradition treaty and similar criminal code) they could potentially be held if a court decides that the behaviour was criminal in nature (some EU jurisdictions are more strict than others). The only way to completely avoid the GDPR is to not hold personal data of EU citizens or EU residents.

2 comments

raverbashing 2976 days ago

> the GDPR applies to any person (natural or legal; a data controller and/or data processor) that holds personal data on a EU citizen or EU resident

Funny, because the GDPR explicitely says this is not the case.

Art2. Paragraph 2

This Regulation does not apply to the processing of personal data:

   c) by a natural person in the course of a purely personal or household activity;

link

tankenmate 2976 days ago

I was talking about in the context of the medium post / businesses which is what I was replying to. I don't think I have seen anyone complaining about household activities. A red herring.

link

icebraining 2976 days ago

Nitpick, but as far as I understand it, it's only EU residents (regardless of their citizenship). The specific text says "data subjects who are in the Union", and citizen never appears in it.

(This is for foreign businesses. EU businesses have to apply it to everyone, regardless of their location or citizenship.)

link

merinowool 2976 days ago

This means this should be applied to everyone because how do you check that someone is an EU resident? Should websites display a page requesting visitor to upload their residency certificate to be complaint?

link

icebraining 2976 days ago

No, it means they have to apply to people connecting from the EU.

link

tankenmate 2976 days ago

Have you any document from a data protection authority or lawyer that makes this claim? or even close to it?

link

icebraining 2976 days ago

He's not a lawyer, but as a "GDPR implementation leader" I bet he talked to some:

https://www.linkedin.com/pulse/gdpr-does-apply-eu-citizens-g...

But really, it's plain from the text.

link