Fixed Price GDPR Readiness Assessment
Do not reinvent the wheel. GDPR is an evolution, not a revolution.
You do not have to start from scratch. Find out what you have, what is good and where the gaps are.
Our GDPR Readiness Assessment is a fixed price comprehensive assessment which will pinpoint what you must do to be GDPR compliant.
Our clients really appreciate and understand our tried and tested readiness assessment carried out by our experienced GDPR and privacy practitioners.
Call us on 07960 387876 or contact us about our GDPR Readiness Assessment.
GDPR Readiness Assessment and Report
Detailed list of remediation and action plan
A project/workstreams roadmap
What is the Scope of the GDPR?
Article 3.2 - Organisations Offering Goods and Services into the EU
The scope of the GDPR is often the most debated and confusing element. There have been many posts asking for clarifications of who a data subject is and what is the territorial scope of the GDPR. This is my attempt at explaining what the scope of the GDPR is in a pictorial way. The territorial scope of the GDPR can be complex. It does not only apply to companies in the EU but according to Article 3.2 of the GDPR by the virtue of providing products and services into the EU from outside the EU, the GDPR could apply to organisations located anywhere in the world. The services or products do not necessarily have to be paid for. Various tests such as the currency the fees are paid in and the language used on the website, the advertising target and whether the goods are delivered to locations in the EU is used to decide whether organisations fall in the scope of article 3.2
Article 3.1 - Organisations Established in the EU
Furthermore, according to Article 3.1 of the GDPR, organisations that have a presence in the EU by the way of being “established” in the context of their activities, the GDPR could cover their global personal data processing. Establishment is very loosely defined. An organisation could be established by having just an office, a chapter a sales office/agent, representation a field office etc. in the context of its activities. In such circumstances, the GDPR not only applies to the organisation’s processing of EU data subject's data but also any processing of personal data of any individual regardless of their nationality, residence or physical location. In effect, the GDPR could apply any organisation anywhere in the world and any individual anywhere in the world. In summary, the GDPR could therefore, apply to any person’s personal data anywhere in the world and any organisation processing personal data anywhere in the world.