Looking for an external Data Protection Officer?DATUREX GmbH Dresden

GDPR — Table of Contents

AI-generated summary

This provision extends the Regulation's territorial reach beyond the EU by applying it to any controller or processor established in the Union, regardless of where processing occurs. It also covers non-EU entities that offer goods or services to individuals in the Union or monitor their behaviour within the Union, ensuring comprehensive protection for data subjects.

Art. 3 GDPR

Territorial scope

(1.)This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not.

(2.)This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to: (a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or (b) the monitoring of their behaviour as far as their behaviour takes place within the Union.

(3.)This Regulation applies to the processing of personal data by a controller not established in the Union, but in a place where Member State law applies by virtue of public international law.

Source:: EUR-Lex CELEX 02016R0679-20160504
Citation:: OJ L 119, 04.05.2016, p. 1; corrected by OJ L 127, 23.05.2018, p. 2
As of:: 2016-05-04
Retrieved:: 2026-02-25