Does My Non-EU Company Need to Be GDPR Compliant?

5 Min

The need for GDPR compliance might depend on your marketing and sales practices.

Here are some practices that could make non-EU companies subject to GDPR:

1. Collecting personal data on EU citizens
2. Marketing or selling their products or services in the EU
3. Accepting Euros or other EU currency
4. Acting as a third party to an EU company

Use the following steps to understand if GDPR applies to you.

1. Review your marketing efforts

Identify where and how you market your products and services.

If you’re actively trying to drum up business in the EU, GDPR regulations might apply to you.

2. Review the currency you accept for payment

GDPR regulations may apply to you if you accept EU currencies like euros or pounds.

Note: GDPR might apply even if your services or goods are free.

3. Vet your partners

Survey the types of data your partners collect or use.

If you process EU citizens’ data on behalf of another company, regardless of your location, you can be subject to GDPR.

With that information you can:

Update your data processes

Only process or use what you have consent for. This could mean maintaining separate lists or seperate pages for different users.

Update your terms of service

Spell out what data you collect and why

Get consent

Clearly ask for consent from users at the point you collect their data

The penalties for noncompliance are high—4% of your annual revenue or €20 million (approximately $24 million).

Let's look at the Roxy Hotel again:

They are a US-based hotel, with clientele that includes EU citizens. They've been told they need to be GDPR compliant.

Quiz 1 of 1

What practice did the Roxy engage in that has created the need to be GDPR compliant?

Accepting guests from the European Union
Marketing the hotel in the European Union
Buying goods from the European Union
Maintaining a check-in database with user data

The correct answer is B.

GDPR compliance may apply to you if you market your goods and services in the EU, regardless of your company’s physical location.


If your company is not EU based, review your processes and partners to understand your obligations under GDPR.

Lesson complete

Like what you see? Try us for free!
Check out our library of 2000+ Microlearning® lessons and try creating your own lesson.

Sign me up