The General Data Protection Regulation (GDPR) applies to entities that process personal data of individuals within the European Union, regardless of where the processing takes place. In this scenario, the North American company is servicing customers in South Africa and, although it uses a cloud storage system made by a European company, it is not directly involved in the processing of personal data of EU citizens. Therefore, it is most likely exempt from complying with the GDPR.References: GDPR Article 3 (Territorial Scope), IAPP Certification Textbooks, Section on GDPR Applicability.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit