by supergarfield 2314 days ago
> British law also N.Irish people to declare themselves Irish under the GFA

This by itself doesn't mean anything for GDPR—GDPR applies to EU residents (whether or not they are EU citizens), not EU citizens. Declaring yourself Irish doesn't make you fall under GDPR protection if you live outside the EU.


I am not sure if this is entirely true. My understanding was it was both citizens and residents.
This link [0] seems to suggest otherwise.

[0]: https://www.hipaajournal.com/does-gdpr-apply-to-eu-citizens-...

GDPR applies to EU & EEA residents.
A fairly readable summary of the territorial scope of GDPR: https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_gui...

In fact, it's not even legal residency that matters. You must simply be present in the territory that the regulations apply to (EU+EEA). If you're not, then the protections don't apply to you, regardless of your citizenship.

> If you're not, then the protections don't apply to you, regardless of your citizenship.

Yes, unless the company is itself in the EU, in which case the GDPR always applies, even if you're not a citizen, resident or even visitor to the EU.

GDPR applies to EU citizens globally. It's just not enforced globally. The company will have to be large enough to have a presence (or future presence) in the EU for there to be a tangible impact.

> Declaring yourself Irish doesn't make you fall under GDPR protection if you live outside the EU.

I'm a DPO and this is absolutely incorrect.

Can you provide a source? All information I'm able to find says that it applies to EU & EEA residents, with no mention of citizenship being relevant.

Edited to add: https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_gui... (it's not even residency that is key - just being present in the EU+EEA)

Here is the official source -- you aren't exactly providing many sources yourself beyond repeating what you've "seen":

https://ec.europa.eu/info/law/law-topic/data-protection/refo...

That page has no reference to citizenship, and multiple to location. It contradicts what you claim it supports.
It took a while to find a primary source, but there is a good set of guidelines laying out how the regulations should be interpreted here: https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_gui...

They are very clear - the GDPR protections apply to those that are "in the Union", and the guidelines clarify that citizenship (and, in fact, legal residency) are irrelevant. One must simply be present in the territory that the regulation applies to (which is EU+EEA). Being a citizen of an EU country and being outside the union, the GDPR protections would not apply to you. Being a citizen of a third country and being inside the union, they would.

Uh... did you read the page you linked to? The word "citizen" does not appear anywhere on it, and it finishes with this pretty clear line:

> Provided your company doesn't specifically target its services at individuals in the EU, it is not subject to the rules of the GDPR.

(note in the EU - no mention of citizenship)

There's a big difference whether the company is in the EU or not.

If your company is in the EU, then according to Article 3.1 the GDPR applies to all your processing of personal data, period - with no exceptions depending on citizenship. So if you're a DPO in an EU company, then that's what's true for you, you definitely have to apply GDPR protections to EU citizens (and also noncitizens) wherever they are.

If your company is not in the EU, then according to Article 3.2. the GDPR applies only to people located in the EU - "This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union"; no qualification on citizenship, but a qualification based on location.

> GDPR applies to EU citizens globally. It's just not enforced globally.

Do American speed limits apply to American drivers in Europe? Or do the European speed limits apply?

Essentially you are absolutely incorrect. The EU has no legal jurisdiction outside of EU borders.

American tax laws (like the FACTA) do apply to Americans in Europe, for example. A sovereign entity has jurisdiction over anything it wants. The question is whether it can enforce it, but there are many tools for that, from simple treaties to sanctions to full-blown military invasions.

In any case, parent is in fact incorrect since the GDPR claims no such jurisdiction. It only applies to people in the EU, or to people whose personal data is processed by EU companies.