---
url: https://eurocomply.app/regulations/gdpr/persona/sme-non-eu-company
canonical: https://eurocomply.app/regulations/gdpr/persona/sme-non-eu-company
title: GDPR for Non-EU Companies — EuroComply
regulation: GDPR
regulationNumber: (EU) 2016/679
celex: 32016R0679
persona: Non-EU Companies
personaSlug: sme-non-eu-company
inForceDate: 2016-05-24
applicationDate: 2018-05-25
sourceUrl: https://eur-lex.europa.eu/eli/reg/2016/679/oj
lastReviewed: 2026-05-12
author: EuroComply Team
license: CC-BY-4.0
---

# GDPR for Non-EU Companies

GDPR applies to organisations established outside the EU whenever they offer goods or services to people in the EU, or monitor the behaviour of people in the EU. Article 27 requires most non-EU controllers to designate, in writing, a representative established in the Union — a frequently overlooked obligation.

## Does GDPR apply to non-eu companies?

Yes — Article 3(2) extends GDPR to controllers and processors established outside the EU when they offer goods or services to data subjects in the Union, or monitor the behaviour of data subjects in the Union.

**Key considerations:**

- Designate an EU representative under Article 27 unless the processing is occasional and excludes large-scale special-category data
- Identify the lead supervisory authority based on where the EU representative is established
- Map cross-border transfers — the GDPR's territorial reach (Article 3(2)) does not eliminate Chapter V transfer rules for outbound flows
- Plan for the 'targeting' test: pricing in euros, .eu/.de/.fr ccTLDs, EU-language sites, and shipping to the EU all evidence intent to offer services

## Underlying GDPR facts

**Full name:** Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).

**Maximum fine:** €20 million or 4% of global annual turnover, whichever is higher.

**Key dates:**

- 2016-05-24 — Entry into force (Article 99)
- 2018-05-25 — Direct applicability across all EU member states (Article 99(2))

## Recommended next step

[Check whether GDPR applies to your company](https://eurocomply.app/tools/regulation-checker)

## Related EuroComply resources

- Full GDPR compliance guide: [/regulations/gdpr](https://eurocomply.app/regulations/gdpr)
- Markdown companion: [/regulations/gdpr.md](https://eurocomply.app/regulations/gdpr.md)

## Source

Authoritative text: [(EU) 2016/679 — EUR-Lex](https://eur-lex.europa.eu/eli/reg/2016/679/oj) (OJ L 119, 4.5.2016, p. 1–88).

---

Informational only. Not legal advice — consult qualified legal counsel.

Last reviewed: 2026-05-12 by the EuroComply Team. License: CC-BY-4.0.