APPENDIX 3: IMPLEMENTATION FAQ
The following answers some of the most common questions regarding the interpretation and implementation of the GDPR.
Material scope and legal implications
Does the GDPR apply to all media and all personal data?
The GDPR applies to all personal data that is collected in the EU, regardless of where in the world it is processed. Any database containing personal or sensitive data collected within the EU is in scope, as is any media containing personal or sensitive data. Any organisation that has such data in its systems, regardless of business size or sector, must comply with the GDPR.
Personal data is any information relating to an identifiable ‘natural person’ – a living human – and can include information such as ...