|
|
|
|
|
|
by Olphs
620 days ago
|
|
|
It does, if the company has any branch/office/agent or similar in the EU, or if it targets their services/website to EU residents. What "targets" means exactly in this case I'm not sure, but given that YC actively markets to EU based companies too, I would think that GDPR applies to them as well. |
|
|
Here's a link with more info: https://gdpr.eu/compliance-checklist-us-companies/
> Why US companies must comply with the GDPR
> The GDPR applies to companies outside the EU because it is extra-territorial in scope. Specifically, the law is designed not so much to regulate businesses as it is to protect the data subjects’ rights. A “data subject” is any person in the EU, including citizens, residents, and even, perhaps, visitors.
> What this means in practice is that if you collect any personal data of people in the EU, you are required to comply with the GDPR. The data could be in the form of email addresses in a marketing list or the IP addresses of those who visit your website. (See our article explaining what is considered personal data under the GDPR.)
> You may be wondering how the European Union will enforce a law in territory it does not control. The fact is, foreign governments help other countries enforce their laws through mutual assistance treaties and other mechanisms all the time. GDPR Article 50 addresses this question directly. So far, the EU’s reach has not been tested, but no doubt data protection authorities are exploring their options on a case-by-case basis.