The GDPR and E-Commerce Businesses not based in The EU
On 25thMay 2018, the European Union and its Member States adopted a new data protection regulation, the GDPR. The territorial scope of the GDPR is worldwide. All persons, natural or legal, who process personal data covering EU citizens are obliged to comply with the GDPR. It is not necessary that the processing is carried out within the European Union. The mere fact that a person either offers goods and/or services to EU citizens or monitors the behaviour of EU citizens makes the GDPR applicable. It appear in most cases that E-commerce businesses based outside the EU offering goods or services to EU citizens also process personal data covering natural persons, and therefore they are obliged to comply with the GDPR. This article includes an explanation of the GDPR as well as a discussion on certain more problematic issues.
Keywords- GDPR, Data Protection, European Union, E-commerce, Personal Data, Sensitive Data.