The GDPR applies to companies located within the EU in addition to companies located outside of the EU if they offer goods or services to, or monitor the behavior of, EU native persons or ‘data subjects.’ It applies to all companies processing and holding the personal data of data subjects residing in the EU, regardless of the company’s location.
For example, even though PracticePanther is based in North America, since we serve clients based in Europe, we must be compliant with the GDPR.