The GDPR applies not only to entities with customers and employees located within the EU, but to the following entities located outside of the EU:

Data processors as well as data controllers are directly liable under the GDPR

Overview of Key Provisions of the GDPR

The key provisions of the GDPR are as follows:


The GDPR will have a significant impact on companies doing business in the EU and employers with employees in the EU, both in terms of additional obligations regarding the processing of personal data and the seriousness of the penalties that will be imposed for noncompliance. Thus, it is essential that covered entities begin their compliance programs as soon as possible to meet the May 2018 effective date.

Written by Grant D. Petersen of Ogletree Deakins