IAPP Privacy Tracker
In part two of her latest opinion piece, Lokke Moerel turns her attention to the impact of the GDPR’s applicability regime on processors.
In part one, Ms. Moerel concluded that the draft UK implementation law (among others) is overly broad as applied to controllers, and could contribute to a patchwork of national laws that the GDPR was designed to replace. In this piece, she discusses the GDPR scope provisions as they apply to processors, concluding that the draft UK law again exhibits regulatory overreach because it is directly applicable to non-EU processors that offer B2B processing services to (i) a controller in the UK or (ii) a non-UK controller that targets individuals in the UK
How do we know that this runs contrary to the GDPR’s intent? And what changes should the UK government make before enacting its final implementation law?
Read more in Lokke Moerel’s IAPP Privacy Tracker article.