The European Data Protection Board has issued long-awaited final guidelines for the extraterritorial application of the General Data Protection Regulation (GDPR).

Key changes:
  • GDPR can apply extraterritorially to some streams of data processing and not others, and not to the entire entity.
  • GDPR applies to many non-EU data processors, including cloud storage providers for data