Does Your Organization Have to Comply?

Below is an outline of questions to be used as a guide for determining whether you should be concerned about the GDPR. Positive answers indicate that your organization’s GDPR exposure should be explored further, with no one positive, or group positives, necessarily being dispositive.

1. Does your organization have any of the following in the EU:
   • Physical operations?
   • Employees?
   • Consultants?
   • Owners?
   • Corporate affiliates?
   • Data?
2. Does your organization offer goods or services to individuals located in the EU (whether for free or for a charge)?
3. Does your organization monitor the behavior of individuals located in the EU?
4. Does your organization have German, French, Spanish, or other EU-based language versions of its website(s)?
5. Does your organization’s website(s) allow EU-located users to create an account?
6. Does your organization send emails or text messages to individuals located in the EU?
7. Does your organization offer transactions in Euros or other European denominated currency?
8. Does your organization have an EU domain, such as .fr, .ie, .uk or .eu?
9. Does your organization’s website(s) collect any of the following from individuals located in the EU:
   • Name?
   • Identification number?
   • Location data?
   • IP addresses?
   • Cookie identifiers?
10. Does your organization’s website(s) utilize digital tracking or profiling of visitors?
11. Does your organization possess information about EU-located persons?
12. Does your organization post information regarding EU politics, including direct messages?