Should I comply with the GDPR, even with customers outside the EU?

GDPR compliance

As we all know, the General Data Protection Regulation (GDPR) highlights the European Union as a global pioneer when it comes to data protection. Many experts believe that this will forcefully elevate privacy standards for businesses like yours that are outside of the EU as well, as implementing GDPR compliance addresses the need for transparent protection of citizens' data.


What GDPR questions are other businesses asking?

Now that the deadline for compliance is on the horizon, you probably have a ton of questions regarding GDPR compliance. The top question we have been getting recently from our clients and partners is:

How should personal data obtained from non-EU Countries be treated?

Continue using the process already in place, or streamline it under the GDPR compliance process?

You’re probably hoping the answer to this question is option one. We get that it reduces the extra work and hassle associated with creating new data policies. Chances are you already have a system in place to handle non-EU data. We also understand that not having to implement a new system reduces the expense of fragmenting the data handling process. So why even bother with the second option?

Why should you streamline your data processing policies?

We here at CyberTraining 365 realize the first option might seem like a good short-term solution to save money and time. But ultimately, the decision will catch up with you and bring negative consequences:



  1. Unorganized processes: Instead of having a uniform system in place for all your data, your organization will be managing multiple data regimes, for example, one set for your EU users and another set for your local (non-EU) users. Attempting to manage multiple policies can bring up its own set of challenges and costs.
  2. Bad public relations: If the public finds out that your organization is deliberately offering a lower privacy standard to your non-EU users at home, compared to the protections you offer to your EU residents, your company could suffer major setbacks from loss of reputation. If your customers can’t trust that you’re giving them the best protection available, they will seek companies that can.
  3. Accidental processing: If your company uses Google AdWords and a German resident stumbles upon your webpage, the GDPR likely would not apply to your company solely on that basis. But if your company processes that person’s data in any way, you could be liable for the penalties associated with non-compliance.

Check to make sure you don’t fall under GDPR Compliance


If your website actively pursues EU residents, then the GDPR will apply to your company.

Active pursuit includes a website that:

  • Accepts the currency of an EU country,
  • Has a domain suffix for an EU country,
  • Offers shipping services to an EU country,
  • Provides translation in the language of an EU country, or
  • Markets in the language of an EU country.

Compliance is necessary even if your company is not located in the EU but still has a strong internet presence. It is also necessary if you are in industries such as e-commerce, logistics, software services, travel and hospitality that handle business in the EU.

The ultimate goal is to make things easier and less risky for your business.  Treat GDPR as the new ‘gold standard’ for how to handle all personal data, regardless of where it comes from.

For more information about what we discussed and additional GDPR topics, please visit us to check out our full library of online GDPR compliance and related training.


CyberTraining 365 is an online academy that offers nearly 1,000 hours of relevant and cutting-edge cybersecurity training. Our training provides the most in-demand industry certification prep courses, including EC-Council, CompTIA, (ISC)2 and Cisco, all taught by leading cybersecurity experts. All of our offerings are aligned with the National Initiative for Cybersecurity Education (NICE) and ensure the most up-to-date information for this constantly shifting field. With engaging content in a scenario-based format, CyberTraining 365 uses a bite-sized micro-learning methodology that ensures learners are not overwhelmed with information. The on-demand LMS platform has white-label capabilities ideal for internal training purposes.
