With the GDPR coming into force in the UK on 25 May 2018 it is worth highlighting that the regulations have a broad territorial scope. For embassies and consulates in particular, non-compliance with GDPR could have serious repercussions not just for the organisation itself but also for the citizens and commercial enterprises that rely on embassy or consular services.

WHERE DOES GDPR APPLY? EU EMBASSIES WITHIN THE EU AND ABROAD

Article 3 of the GDPR deals with territorial scope. Where will the new rules apply? For a start the GDPR broadens the international reach of EU data protection rules. They will apply to:

  • The processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not.
  • The processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to (1) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union or (2) the monitoring of their behaviour as far as their behaviour takes place within the Union
  • The processing of personal data by a controller not established in the Union, but in a place where Member State law applies by virtue of public international law.

Of particular note for embassies and consular offices the GDPR also states that:

“Where Member State law applies by virtue of public international law, this Regulation should also apply to a controller not established in the Union, such as in a Member State’s diplomatic mission or consular post.”

This means that even UK embassies or consular posts situated outside the EU will be caught by the new GDPR regime.

WHAT ABOUT NON EU EMBASSIES LOCATED WITHIN THE EU

Currently foreign embassies located in the UK are not subject to the full rigour of UK data protection law. This reflects their special status under international law. We cannot see any wording in Article 3 of GDPR that would change this.

HOW WE CAN HELP

Big Data Law is a London-based niche data protection law firm. We offer a range of GDPR compliance services to national and international bodies. For an initial conversation on your GDPR requirements call one of our specialist solicitors on 0203 670 5540.

 

SEE WHAT OUR CLIENTS SAY

Shuba provided excellent help in a very tough case, and acted above and beyond my expectations. With her friendliness, passion, and a wealth of knowledge, she made me feel comfortable in a trying time, and her professional services led to quick results in my case. I can highly recommend her services.

Cecilie Harris ***** See more reviews

LAWYER PROFILE

Shubha Nath is director of Nath Solicitors, a boutique London law firm specialising in commercial contracts, company laws (formation/shareholder matters/M&A) and private and commercial dispute resolution.


ABOUT NATH SOLICITORS

When we state we partner with you to achieve results, it’s not just a slogan. Many of our solicitors have spent years working in the City, and we are passionate about business and helping our clients achieve their objectives.

See more on Nath Solicitors.co.uk

Shubha Nath
Share
This