Which countries are covered by the GDPRs

GDPR countries scope

At this point, everyone in business should know or at least heard about GDPR.
But there are some questions that maybe you didn’t hear about at this point.

  • Like which countries does the law apply within Europe
  • How big is the scope for this law
  • How do countries manage and apply GDPR fines to companies that don’t comply

In here we’ll answer all these questions and deepen the theme so you can better understand or review these points about GDPR.

Which countries are covered by the GDPR?

The countries that must comply with the GDPR are the ones within the EU (European Union) and the EEA (Europe Economic Area).

Curiosity: Switzerland is neither part of the EU or the EEA, but their citizens have the same rights of working and living as the Europeans.

European Union

So the countries in the European Union are:

  • Austria
  • Belgium
  • Bulgaria
  • Croatia
  • Czech Republic
  • Denmark
  • Estonia
  • Finland
  • France
  • Germany
  • Greece
  • Hungary
  • Ireland
  • Italy
  • Latvia
  • Lithuania
  • Luxembourg
  • Malta
  • Netherlands
  • Poland
  • Portugal
  • Republic of Cyprus
  • Romania
  • Slovakia
  • Slovenia
  • Spain
  • Sweden
  • UK(until Brexit takes effect)

European Economic Area

All the countries above plus:

  • Iceland
  • Liechtenstein
  • Norway

The geographical scope of GDPR

The geographical scope of the GDPR is worldwide.

What do you mean worldwide? Isn’t it only for those Europe countries you listed above?

Those countries above must comply with the law and have all those concerns about treating their citizens’ data and be in compliance.

But the truth is, if someone outside of the EU wants to treat personal data from one of those countries above, they must comply as well with the rules.

For example, someone from Canada can treat data from people in the USA without any concerns about GDPR.

But if a company based in Canada wants to treat personal data from Spain or France, they need to collect their data accordingly with the GDPR normative.

So basically the GDPR is a European regulation for European countries, but all the countries outside Europe that interact or collect personal data from Europeans must comply with GDPR.

How do countries manage and apply GDPR fines

Each country has his own DPA (Data Protection Authority) which deals with the complaints.

The complaint can come from singular persons, companies, organ of state or anyone who find irregularities.

You can find the list of DPA’s (Data Protection Authorities) here by country.

To complain you should email your country DPA with all the necessary information about the company and why she’s not complaining or respecting the data they collected.

Was this post helpful?