The General Data Protection Regulation (GDPR) is the new and upcoming privacy law governing the personal data of individuals within EU. GDPR in application is widely in use, is still bereft of well-founded criticism. The authors herein seek to diagnose the territorial jurisdiction or scope of GDPR and to which businesses does it apply. While it was the required step in terms of governing privacy laws, it is far from being a perfect method in terms of scope of the territorial jurisdiction.

The major scope of the article is the territorial scope of GDPR, and how does it apply to businesses established within EU and how its reach has been extended to non-EU businesses. The article primarily focusses on Article 3 of the GDPR and has special focus in relation to the applicability of GDPR to the Indian organisations and businesses. The author herein focusses on different tests established under GDPR for an institution to come under the ambit of GDPR including the “establishment test”, “goods or services test” and “monitoring test”.

The authors have extensively relied upon research papers published in reputed contemporary journals, and have gone through compliance policies of different organisations. Cases laws from European jurisdictions have been taken into account and the guidelines of the European Data Privacy Board have been dealt with, too.

 Download Full Paper