Parent company GDPR compliance Planned maintenance scheduled April 23, 2019 at 00:00UTC (8:00pm US/Eastern) Announcing the arrival of Valued Associate #679: Cesar Manara Unicorn Meta Zoo #1: Why another podcast?Does any host provider currently comply with GDPR?How does the GDPR apply to software developed by one company and used by another?GDPR, email lists, a few email subscribers in the EUDo web applications as hobby projects need to comply with the GDPR?How is GDPR forced on American Businesses?Do companies have the right to demand proof of being present in the EU before executing a GDPR request?GDPR and personal data that gets crawled and ends up on other websitesGDPR and Storing Non-EU Citizen Data as an EU-based companyDoes possesing BUT NOT processing a personal data make the organization their controller?Can't GDPR compliance be trivially bypassed?
Google .dev domain strangely redirects to https
Draw 4 of the same figure in the same tikzpicture
What to do with repeated rejections for phd position
Should a wizard buy fine inks every time he want to copy spells into his spellbook?
Semigroups with no morphisms between them
How does Belgium enforce obligatory attendance in elections?
Do I really need to have a message in a novel to appeal to readers?
Did any compiler fully use 80-bit floating point?
Putting class ranking in CV, but against dept guidelines
A term for a woman complaining about things/begging in a cute/childish way
Why can't I install Tomboy in Ubuntu Mate 19.04?
Movie where a circus ringmaster turns people into animals
Where is the Data Import Wizard Error Log
One-one communication
What does 丫 mean? 丫是什么意思?
Why are my pictures showing a dark band on one edge?
What initially awakened the Balrog?
Do wooden building fires get hotter than 600°C?
Trademark violation for app?
What is an "asse" in Elizabethan English?
Lagrange four-squares theorem --- deterministic complexity
Co-worker has annoying ringtone
Dyck paths with extra diagonals from valleys (Laser construction)
Is there public access to the Meteor Crater in Arizona?
Parent company GDPR compliance
Planned maintenance scheduled April 23, 2019 at 00:00UTC (8:00pm US/Eastern)
Announcing the arrival of Valued Associate #679: Cesar Manara
Unicorn Meta Zoo #1: Why another podcast?Does any host provider currently comply with GDPR?How does the GDPR apply to software developed by one company and used by another?GDPR, email lists, a few email subscribers in the EUDo web applications as hobby projects need to comply with the GDPR?How is GDPR forced on American Businesses?Do companies have the right to demand proof of being present in the EU before executing a GDPR request?GDPR and personal data that gets crawled and ends up on other websitesGDPR and Storing Non-EU Citizen Data as an EU-based companyDoes possesing BUT NOT processing a personal data make the organization their controller?Can't GDPR compliance be trivially bypassed?
Situation:
Parent company is registered in the EU member state but does not do b2c business in the EU and does not process personal data of Europeans. Subsidiaries are not EU companies and does not do b2c business in the EU and does not process personal data of europeans.
Is it true that the parent company must comply with the GDPR just because it is registred in the EU (even if does not really do business in the EU)?
european-union gdpr data-protection
asked May 17 '18 at 5:06
NANNAN
61
bumped to the homepage by Community♦ 4 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |
Situation:
Parent company is registered in the EU member state but does not do b2c business in the EU and does not process personal data of Europeans. Subsidiaries are not EU companies and does not do b2c business in the EU and does not process personal data of europeans.
Is it true that the parent company must comply with the GDPR just because it is registred in the EU (even if does not really do business in the EU)?
european-union gdpr data-protection
asked May 17 '18 at 5:06
NANNAN
61
bumped to the homepage by Community♦ 4 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
No, it only has to do with personal data of EU citizens, regardless where the company is registered. However, you say you have no EU consumers but be advised that an EU employee is also a person which has personal data under GDPR jurisdiction.
– Per Digre
May 23 '18 at 7:57
@PerDigre correction: it has to do with personal data of EU residents. An EU citizen who is not in the EU has no more protection than a non-EU citizen who is not in the EU, and a non-EU citizen who is in the EU is fully protected.
– phoog
Sep 21 '18 at 15:13
@phoog, I tend to disagree, GDPR protects EU citizens regardless where they live. See the discussion in this article medium.com/@thomasyohannan/…
– Per Digre
Sep 22 '18 at 19:11
@PerDigre a person in the EU can claim GDPR protection against a company with no EU presence, although the EU's ability to enforce anything in such a case is limited. A person outside the EU has no claim to GDPR protection against such a company, regardless of citizenship. The discussion you link to cites a text with no legal force in support of its claim that all EU citizens are protected. The text of the GDPR makes no such claim.
– phoog
Sep 22 '18 at 22:57
@phoog, you are right. GDPR itself just states persons in the EU, which is sort of open to interpretation, but you will see EU citizens mentioned occasionally. On the point of enforcement, I am still waiting to see EU try to enforce companies outside of EU, which is techically possible if they make money from europe. I am thinking of the chinese companies like Alibaba, Tencents etc which surely ignores GDPR.
– Per Digre
Sep 23 '18 at 7:45
add a comment |
Situation:
Parent company is registered in the EU member state but does not do b2c business in the EU and does not process personal data of Europeans. Subsidiaries are not EU companies and does not do b2c business in the EU and does not process personal data of europeans.
Is it true that the parent company must comply with the GDPR just because it is registred in the EU (even if does not really do business in the EU)?
european-union gdpr data-protection
asked May 17 '18 at 5:06
NANNAN
61
Situation:
Parent company is registered in the EU member state but does not do b2c business in the EU and does not process personal data of Europeans. Subsidiaries are not EU companies and does not do b2c business in the EU and does not process personal data of europeans.
Is it true that the parent company must comply with the GDPR just because it is registred in the EU (even if does not really do business in the EU)?
european-union gdpr data-protection
european-union gdpr data-protection
asked May 17 '18 at 5:06
NANNAN
61
asked May 17 '18 at 5:06
NANNAN
61
asked May 17 '18 at 5:06
NANNAN
61
asked May 17 '18 at 5:06
NANNAN
61
asked May 17 '18 at 5:06
NANNAN
61
61
bumped to the homepage by Community♦ 4 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
bumped to the homepage by Community♦ 4 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
No, it only has to do with personal data of EU citizens, regardless where the company is registered. However, you say you have no EU consumers but be advised that an EU employee is also a person which has personal data under GDPR jurisdiction.
– Per Digre
May 23 '18 at 7:57
@PerDigre correction: it has to do with personal data of EU residents. An EU citizen who is not in the EU has no more protection than a non-EU citizen who is not in the EU, and a non-EU citizen who is in the EU is fully protected.
– phoog
Sep 21 '18 at 15:13
@phoog, I tend to disagree, GDPR protects EU citizens regardless where they live. See the discussion in this article medium.com/@thomasyohannan/…
– Per Digre
Sep 22 '18 at 19:11
@PerDigre a person in the EU can claim GDPR protection against a company with no EU presence, although the EU's ability to enforce anything in such a case is limited. A person outside the EU has no claim to GDPR protection against such a company, regardless of citizenship. The discussion you link to cites a text with no legal force in support of its claim that all EU citizens are protected. The text of the GDPR makes no such claim.
– phoog
Sep 22 '18 at 22:57
@phoog, you are right. GDPR itself just states persons in the EU, which is sort of open to interpretation, but you will see EU citizens mentioned occasionally. On the point of enforcement, I am still waiting to see EU try to enforce companies outside of EU, which is techically possible if they make money from europe. I am thinking of the chinese companies like Alibaba, Tencents etc which surely ignores GDPR.
– Per Digre
Sep 23 '18 at 7:45
add a comment |
No, it only has to do with personal data of EU citizens, regardless where the company is registered. However, you say you have no EU consumers but be advised that an EU employee is also a person which has personal data under GDPR jurisdiction.
– Per Digre
May 23 '18 at 7:57
@PerDigre correction: it has to do with personal data of EU residents. An EU citizen who is not in the EU has no more protection than a non-EU citizen who is not in the EU, and a non-EU citizen who is in the EU is fully protected.
– phoog
Sep 21 '18 at 15:13
@phoog, I tend to disagree, GDPR protects EU citizens regardless where they live. See the discussion in this article medium.com/@thomasyohannan/…
– Per Digre
Sep 22 '18 at 19:11
@PerDigre a person in the EU can claim GDPR protection against a company with no EU presence, although the EU's ability to enforce anything in such a case is limited. A person outside the EU has no claim to GDPR protection against such a company, regardless of citizenship. The discussion you link to cites a text with no legal force in support of its claim that all EU citizens are protected. The text of the GDPR makes no such claim.
– phoog
Sep 22 '18 at 22:57
@phoog, you are right. GDPR itself just states persons in the EU, which is sort of open to interpretation, but you will see EU citizens mentioned occasionally. On the point of enforcement, I am still waiting to see EU try to enforce companies outside of EU, which is techically possible if they make money from europe. I am thinking of the chinese companies like Alibaba, Tencents etc which surely ignores GDPR.
– Per Digre
Sep 23 '18 at 7:45
No, it only has to do with personal data of EU citizens, regardless where the company is registered. However, you say you have no EU consumers but be advised that an EU employee is also a person which has personal data under GDPR jurisdiction.
– Per Digre
May 23 '18 at 7:57
No, it only has to do with personal data of EU citizens, regardless where the company is registered. However, you say you have no EU consumers but be advised that an EU employee is also a person which has personal data under GDPR jurisdiction.
– Per Digre
May 23 '18 at 7:57
@PerDigre correction: it has to do with personal data of EU residents. An EU citizen who is not in the EU has no more protection than a non-EU citizen who is not in the EU, and a non-EU citizen who is in the EU is fully protected.
– phoog
Sep 21 '18 at 15:13
@PerDigre correction: it has to do with personal data of EU residents. An EU citizen who is not in the EU has no more protection than a non-EU citizen who is not in the EU, and a non-EU citizen who is in the EU is fully protected.
– phoog
Sep 21 '18 at 15:13
@phoog, I tend to disagree, GDPR protects EU citizens regardless where they live. See the discussion in this article medium.com/@thomasyohannan/…
– Per Digre
Sep 22 '18 at 19:11
@phoog, I tend to disagree, GDPR protects EU citizens regardless where they live. See the discussion in this article medium.com/@thomasyohannan/…
– Per Digre
Sep 22 '18 at 19:11
@PerDigre a person in the EU can claim GDPR protection against a company with no EU presence, although the EU's ability to enforce anything in such a case is limited. A person outside the EU has no claim to GDPR protection against such a company, regardless of citizenship. The discussion you link to cites a text with no legal force in support of its claim that all EU citizens are protected. The text of the GDPR makes no such claim.
– phoog
Sep 22 '18 at 22:57
@PerDigre a person in the EU can claim GDPR protection against a company with no EU presence, although the EU's ability to enforce anything in such a case is limited. A person outside the EU has no claim to GDPR protection against such a company, regardless of citizenship. The discussion you link to cites a text with no legal force in support of its claim that all EU citizens are protected. The text of the GDPR makes no such claim.
– phoog
Sep 22 '18 at 22:57
@phoog, you are right. GDPR itself just states persons in the EU, which is sort of open to interpretation, but you will see EU citizens mentioned occasionally. On the point of enforcement, I am still waiting to see EU try to enforce companies outside of EU, which is techically possible if they make money from europe. I am thinking of the chinese companies like Alibaba, Tencents etc which surely ignores GDPR.
– Per Digre
Sep 23 '18 at 7:45
@phoog, you are right. GDPR itself just states persons in the EU, which is sort of open to interpretation, but you will see EU citizens mentioned occasionally. On the point of enforcement, I am still waiting to see EU try to enforce companies outside of EU, which is techically possible if they make money from europe. I am thinking of the chinese companies like Alibaba, Tencents etc which surely ignores GDPR.
– Per Digre
Sep 23 '18 at 7:45
add a comment |
1 Answer
1
active
oldest
votes
Yes the parent company does need to comply with GDPR
To quote the UK information commissioner:
The GDPR applies to processing carried out by organisations operating
within the EU. It also applies to organisations outside the EU that
offer goods or services to individuals in the EU.
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/key-definitions/
And from the regulation itself:
Any processing of personal data in the context of the activities of an
establishment of a controller or a processor in the Union should be
carried out in accordance with this Regulation, regardless of whether
the processing itself takes place within the Union
http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN
(Point 22)
answered May 24 '18 at 12:31
DavidDavid
24318
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "617"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2flaw.stackexchange.com%2fquestions%2f28563%2fparent-company-gdpr-compliance%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Yes the parent company does need to comply with GDPR
To quote the UK information commissioner:
The GDPR applies to processing carried out by organisations operating
within the EU. It also applies to organisations outside the EU that
offer goods or services to individuals in the EU.
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/key-definitions/
And from the regulation itself:
Any processing of personal data in the context of the activities of an
establishment of a controller or a processor in the Union should be
carried out in accordance with this Regulation, regardless of whether
the processing itself takes place within the Union
http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN
(Point 22)
answered May 24 '18 at 12:31
DavidDavid
24318
add a comment |
Yes the parent company does need to comply with GDPR
To quote the UK information commissioner:
The GDPR applies to processing carried out by organisations operating
within the EU. It also applies to organisations outside the EU that
offer goods or services to individuals in the EU.
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/key-definitions/
And from the regulation itself:
Any processing of personal data in the context of the activities of an
establishment of a controller or a processor in the Union should be
carried out in accordance with this Regulation, regardless of whether
the processing itself takes place within the Union
http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN
(Point 22)
answered May 24 '18 at 12:31
DavidDavid
24318
add a comment |
Yes the parent company does need to comply with GDPR
To quote the UK information commissioner:
The GDPR applies to processing carried out by organisations operating
within the EU. It also applies to organisations outside the EU that
offer goods or services to individuals in the EU.
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/key-definitions/
And from the regulation itself:
Any processing of personal data in the context of the activities of an
establishment of a controller or a processor in the Union should be
carried out in accordance with this Regulation, regardless of whether
the processing itself takes place within the Union
http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN
(Point 22)
answered May 24 '18 at 12:31
DavidDavid
24318
Yes the parent company does need to comply with GDPR
To quote the UK information commissioner:
The GDPR applies to processing carried out by organisations operating
within the EU. It also applies to organisations outside the EU that
offer goods or services to individuals in the EU.
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/key-definitions/
And from the regulation itself:
Any processing of personal data in the context of the activities of an
establishment of a controller or a processor in the Union should be
carried out in accordance with this Regulation, regardless of whether
the processing itself takes place within the Union
http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN
(Point 22)
answered May 24 '18 at 12:31
DavidDavid
24318
answered May 24 '18 at 12:31
DavidDavid
24318
answered May 24 '18 at 12:31
DavidDavid
24318
answered May 24 '18 at 12:31
DavidDavid
24318
24318
add a comment |
add a comment |
Thanks for contributing an answer to Law Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2flaw.stackexchange.com%2fquestions%2f28563%2fparent-company-gdpr-compliance%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
No, it only has to do with personal data of EU citizens, regardless where the company is registered. However, you say you have no EU consumers but be advised that an EU employee is also a person which has personal data under GDPR jurisdiction.
– Per Digre
May 23 '18 at 7:57
@PerDigre correction: it has to do with personal data of EU residents. An EU citizen who is not in the EU has no more protection than a non-EU citizen who is not in the EU, and a non-EU citizen who is in the EU is fully protected.
– phoog
Sep 21 '18 at 15:13
@phoog, I tend to disagree, GDPR protects EU citizens regardless where they live. See the discussion in this article medium.com/@thomasyohannan/…
– Per Digre
Sep 22 '18 at 19:11
@PerDigre a person in the EU can claim GDPR protection against a company with no EU presence, although the EU's ability to enforce anything in such a case is limited. A person outside the EU has no claim to GDPR protection against such a company, regardless of citizenship. The discussion you link to cites a text with no legal force in support of its claim that all EU citizens are protected. The text of the GDPR makes no such claim.
– phoog
Sep 22 '18 at 22:57
@phoog, you are right. GDPR itself just states persons in the EU, which is sort of open to interpretation, but you will see EU citizens mentioned occasionally. On the point of enforcement, I am still waiting to see EU try to enforce companies outside of EU, which is techically possible if they make money from europe. I am thinking of the chinese companies like Alibaba, Tencents etc which surely ignores GDPR.
– Per Digre
Sep 23 '18 at 7:45