Applicability of the GDPR to the data processing activities carried out by the non-EU controllers and processors
Naumchuk, Anna (2020-06-01)
Applicability of the GDPR to the data processing activities carried out by the non-EU controllers and processors
(01.06.2020)
Julkaisu on tekijänoikeussäännösten alainen. Teosta voi lukea ja tulostaa henkilökohtaista käyttöä varten. Käyttö kaupallisiin tarkoituksiin on kielletty.
avoin
Julkaisun pysyvä osoite on:
https://urn.fi/URN:NBN:fi-fe2020062645914
https://urn.fi/URN:NBN:fi-fe2020062645914
Tiivistelmä
Broadening the scope of EU data protection law due to the entering into force of the General Data Protection Regulation has made many companies review their data processing practices. Especially changes have affected the non-EU entities which appeared to be pursued under the new Regulation for the activities that only yesterday were outside the territorial scope of law.
This master‘s thesis aims at providing the comprehensive analysis of the conditions under which a non-EU controller or processor will be subject to the GDPR. For this purpose, it analyzes the grounds for the GDPR applicability from the non-EU controllers‘ and processors‘ perspective.
Besides provision of the theoretical background regarding various concepts and processing activities, the work pays considerable attention to the practical side of the matter. It presents diverse examples of the GDPR applicability to the non-EU operators, including both the situations where certain evidences are sufficient to invoke the Regulation and, by contrast, those which are missing appropriate grounds.
In addition, the paper is an attempt to fill up the gaps, which the EDPB has not addressed in the Guidelines on the territorial scope, and, where possible, to provide the probable solutions to the existing issues.
This master‘s thesis aims at providing the comprehensive analysis of the conditions under which a non-EU controller or processor will be subject to the GDPR. For this purpose, it analyzes the grounds for the GDPR applicability from the non-EU controllers‘ and processors‘ perspective.
Besides provision of the theoretical background regarding various concepts and processing activities, the work pays considerable attention to the practical side of the matter. It presents diverse examples of the GDPR applicability to the non-EU operators, including both the situations where certain evidences are sufficient to invoke the Regulation and, by contrast, those which are missing appropriate grounds.
In addition, the paper is an attempt to fill up the gaps, which the EDPB has not addressed in the Guidelines on the territorial scope, and, where possible, to provide the probable solutions to the existing issues.