If I don’t sell to the EU, can I ignore GDPR?
Not necessarily. Under the EU’s General Data Protection Regulation (GDPR), your organisation may still need to comply if you process the personal data of individuals in the EU when monitoring their behaviour.
Does GDPR Apply if I Don’t Sell to the EU?
Yes, GDPR applies if:
- You are monitoring individuals in the EU, regardless of whether you offer goods or services there.
- You target your services at EU residents, for example, through the language or currency used on your website.
GDPR does not apply if:
- You do not target or monitor individuals in the EU.
- Your services are offered outside the EU without targeting EU customers.
- Customers in the EU access your services incidentally, such as when travelling.
Clarifying your website and service offerings can help ensure compliance. For instance, explicitly stating that your services are not intended for the EU or actively excluding orders from the EU can reduce legal risks.
Monitoring Behaviour
“Monitoring behaviour” under GDPR means tracking individuals online, profiling them, or predicting their preferences and actions. Examples include:
- Behavioural advertising
- Use of cookies or other online tracking tools
- Personalised health or diet analytics
If your business engages in any of these activities with individuals in the EU, GDPR may apply, even if you’re not selling directly to EU customers.
Not sure whether your email marketing campaign complies with data privacy laws? Take a look at our Guide to Email Advertising Management!
Conclusion
Even if you are not selling to the EU, monitoring the behaviour of individuals in the region can trigger GDPR obligations. It’s crucial to assess your online activities and clearly communicate your target markets on your website.
Need help navigating this issue? Check out Ask.Legal — our AI-powered legal assistant is ready to help 24/7.
