GDPR applies to “processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU”, as summarised by the UK’s ICO. The aim is to harmonise data protection regulations across the EU and means that any non-European. PR and communications practitioners need to be aware, therefore, that it does not matter where their organisations or clients are based when it comes to processing data for EU individuals.
PR and communications practitioners in SEA, therefore, need to be aware of GDPR if dealing with EU individuals. It does not apply to the processing of personal data of citizens from outside of the EU although SEA offices of larger groups may be asked to standardise their practice in line with larger offices in Europe and store and process data in line with GDPR for all individuals.