GDPR Conundrums: The GDPR Applicability Regime —
Part 2: Controllers

IAPP Privacy Tracker

13 Feb 2018

In part two of her latest opinion piece, Lokke Moerel turns her attention to the impact of the GDPR’s applicability regime on processors.

In part one, Ms. Moerel concluded that the draft UK implementation law (among others) is overly broad as applied to controllers, and could contribute to a patchwork of national laws that the GDPR was designed to replace. In this piece, she discusses the GDPR scope provisions as they apply to processors, concluding that the draft UK law again exhibits regulatory overreach because it is directly applicable to non-EU processors that offer B2B processing services to (i) a controller in the UK or (ii) a non-UK controller that targets individuals in the UK

How do we know that this runs contrary to the GDPR’s intent? And what changes should the UK government make before enacting its final implementation law?

Read more in Lokke Moerel’s IAPP Privacy Tracker article.



Unsolicited e-mails and information sent to Morrison & Foerster will not be considered confidential, may be disclosed to others pursuant to our Privacy Policy, may not receive a response, and do not create an attorney-client relationship with Morrison & Foerster. If you are not already a client of Morrison & Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.