Who Does the GDPR Apply To?

The GDPR applies to organizations that are engaged in professional or commercial activity and collect or process personal data in order to:

(i) order goods or services (irrespective of whether payment is required)

(ii) monitor the behaviour of data subjects, as far as that behavior takes place in the EU

GDPR knows two types of organizations:

(1) Controllers: these are natural or legal persons, public authorities, agencies or other bodies which, alone or jointly with others, determine the purposes and means of the processing of personal data

(2) Processors: natural or legal persons, public authorities, agencies or other bodies which process personal data on behalf of a controller

Data subjects (DS) can excercize their rights in their relationship to controllers. Processors have to meet fewer GDPR-obligations than Controllers: they do not need to be able to respond to Data Subject Requests (DSRs), but they do need to have technical measures in place to ensure that their processing-activity is GDPR compliant. They may not process the personal data in any way that goes beyond what is laid down in the contract with the controller and they may not engage another processor without authorisation of the controller. They also have to comply with certain obligations in the case of a data breach.

The information provided in this resource base and on the Datawallet website does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available on this site are for general informational purposes only. Information on this website may not constitute the most up-to-date legal or other information. This website contains links to other third-party websites. Such links are only for the convenience of the reader, user or browser. No reader, user, or browser of this site should act or refrain from acting on the basis of information on this site without first seeking legal advice from counsel in the relevant jurisdiction. Only your individual attorney can provide assurances that the information contained herein – and your interpretation of it – is applicable or appropriate to your particular situation. All liability with respect to actions taken or not taken based on the contents of this site are hereby expressly disclaimed. The content on this posting is provided “AS IS;” no representations are made that the content is error-free.