A “data subject” is just a fancy way of saying “someone we collect data on or from.” EU refers to where the “data subject” is accessing information from – the European Union.
Even if you don’t live in Europe, you still probably have to abide by GDPR. Because, whether you're based in the U.S., Canada, or abroad, your website visitors live around the world. Privacy laws are different from country to country, and even state to state, such as California.
You can determine if GDPR applies to you and if you need to comply if any of the four factors applies to your business:
- Marketing in an EU-based language
- Marketing using domains that end in EU-based abbreviations (e.g., domain.es for Spain, domain.uk for the UK)
- Marketing that targets the users of an EU-country (this includes the UK)
- Accepting payment in Euros