GDPR Countries – Which Countries are Included


GDPR is a new law that works to prevent data invasion. It is a comprehensive law in the EU that modifies the existing laws in order to strengthen them for the safeguard of personal data.

The data came into being on May 25, 2018. All the companies in EU and outside EU, fall in the compliance category of the GDPR.  It basically applies on the EU companies and non-EU companies that:

  1. Market their products to residents of the EU, or who
  2. Monitor the behavior of residents of the EU.

Another important aspect that confuses the marketers is of the countries, which are a part of the GDPR compliance. We have a little brief below to help you identify the countries that work in compliance with the GDPR

  All of the European Union Member States, which includes: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, and Sweden.

The United Kingdom is still part of the EU and thus governed by GDPR. This includes: Channel Isles, England, Northern Ireland, Scotland, and Wales.

GDPR also includes European Economic Area Countries, such as Iceland, Lichtenstein, and Norway.

While these states above are already working and matching their footsteps with the GDPR, other states are also coming up with their own national laws to match up with the privacy and security rules of GDPR.

 Non-European Countries that are a Part of GDPR

There are dependent territories/countries that are technically in the EU though not in Europe that are governed by GDPR, these include: Azores, Canary Islands, Guadeloupe, French Guiana, Madeira, Martinique, Mayotte, Reunion, and Saint Martin.

Transferring Data Outside of the EU

GDPR ensures strict and total adherence to its measures enforced on the countries and data transferred to non-EU countries or international organizations undergoes rigorous procedures. These are detailed in Chapter V of the Regulation.   The EU Commission allows the data transfer when the data destination ensures all levels of protection. Other than this, the data destination can display their measures of “adequate level of protection”, which may include the following:

– Commission approved data protection clauses

– Legally binding agreements between public authorities

– Commission approved certification

– Binding corporate rules that are enforced across different  GDPR is a part of EU Legislation but organizations placed outside EU must take care of its compliance features and protect personal data from getting violated.

Leave a Reply

Your email address will not be published. Required fields are marked *