< Back to Hiring Blog

Preparing for the GDPR Outside of the EU

March 1, 2018
 
iCIMS Staff
2 min read
Learn how iCIMS can
help you drive ROI

The new head of the Article 29 Working Party, consisting of representatives of the European Union’s data protection authorities, has indicated that the Working Party does not have plans to issue additional guidance on the extraterritorial reach of the General Data Protection Regulation (GDPR) before compliance with the Regulation is required on May 25th. This issue is important for many companies outside the EU because Article Three of the GDPR provides that the GDPR directly applies to controller and processers with establishments in the EU “regardless of whether processing takes place in the Union or not.” Article Three also applies the GDPR to controllers and processors that are not located in the EU, if either they are offering goods or services to data subject in the EU or monitoring the behavior of data subjects that takes place in the EU.

Andrea Jelinek, head of the Austrian Data Protection Authority, was elected earlier this month to succeed Isabelle-Falque-Pierrotin of France as head of the Article 29 Working Party. As reported by Bloomberg Law, Jelinek has stated that additional guidance on the international reach of the GDPR will not be issued before GDPR compliance is required in May. According to Bloomberg, she said that the guidance issued by the Working Party to date is “enough for everybody to start with” and indicated that companies should have been working on GDPR compliance rather than waiting for additional guidance.

Recitals accompanying the GDPR provide some guidance on the scope issue, but questions remain in a number of areas, including how broadly the EU will interpret what constitutes the “offering of goods or services” to EU data subjects, the potential application of the GDPR to websites that are not directed at individuals in the EU but use cookies and other online tracking technologies, and the reach of the GDPR to non-EU operations of a company that also has an establishment in the EU. How the regulators ultimately address these issues could further broaden the extraterritorial reach of the GDPR. We will all need to do our best to make reasonable and appropriate judgments about extraterritorial reach while we work on being ready for May 25th.

×

Learn how iCIMS can help you drive ROI

Explore categories

Explore categories

Back to top

Join our growing community
and receive free tips on how to attract, engage, hire, & advance the best talent.

Read more about Candidate experience

September Workforce Report: A sneak peek into the Talent Experience Report

Read more

How to improve your candidate experience

Read more

Summer 2024 Release: Stronger connections, faster workflows

Read more