Which countries do not follow GDPR?

Asked by: Mrs. Leila Bashirian  |  Last update: May 17, 2026
Score: 4.3/5 (28 votes)

The General Data Protection Regulation (GDPR) applies to the EU/EEA/UK and businesses globally processing their residents' data; countries outside this bloc, such as the United States, China, Russia, Canada, and non-EU European nations like Serbia, Ukraine, and Turkey, do not follow GDPR directly but have their own data protection laws, though GDPR can still apply to their companies if they target EU citizens.

Which countries are not GDPR compliant?

The following European countries have not adopted the GDPR:

  • Albania.
  • Belarus.
  • Bosnia and Herzegovina.
  • Croatia.
  • Kosovo.
  • Moldova.
  • Montenegro.
  • North Macedonia.

Does GDPR apply to all countries?

The EEA GDPR applies to all 27 member countries of the European Union (EU). It also applies to all countries in the European Economic Area (the EEA). The EEA is an area larger than the EU and includes Iceland, Norway, and Liechtenstein.

Who is exempt from GDPR?

Some of the most common exemptions include businesses that do not process personal data of living persons, businesses that have no connection with the European Union, derogations for businesses with fewer than 250 employees, or data processing primarily for personal/household activities.

Who does the GDPR not apply to?

Some of the key exemptions from GDPR compliance include personal or household activities, government agencies and law enforcement, and the processing of personal data by Member States.

Does GDPR apply to Americans?

Yes, GDPR applies to U.S. citizens when they are physically located in the European Union (EU) or European Economic Area (EEA) and their personal data is being collected or processed, regardless of their citizenship; it protects them as if they were EU residents in that context, covering tourists, students, or business travelers. Its scope is territorial and depends on location, not nationality, meaning a U.S. citizen in the U.S. has no GDPR protection, while an EU resident in the U.S. also doesn't get GDPR protection. 

Does GDPR apply to Russia?

Countries like Albania, Belarus, Bosnia and Herzegovina, Croatia, Kosovo, Moldova, Montenegro, North Macedonia, Russia, Serbia, Turkey, and Ukraine are part of Europe, but they are not governed by the GDPR. However, if any of their companies process data in the EU, they are bound to comply with GDPR regulations.

Does Canada follow GDPR?

Do GDPR Rights Apply to Canadians? The GDPR applies only to individuals located "in the EEA" at the time of the data processing. This means that GDPR rights don't automatically apply to Canadians unless they are physically located within the European Economic Area (EEA) when they are interacting with the company.

Is Switzerland part of the GDPR?

Switzerland is not part of the EU, so GDPR compliance is not required there. The country does have the Federal Act on Data Protection (FADP). Also, many companies do business in the EU and Switzerland, so it's important to understand data privacy requirements and differences between the two laws.

Does everyone have to comply with GDPR?

Everyone responsible for using personal data has to follow strict rules called 'data protection principles' unless an exemption applies. There is a guide to the data protection exemptions on the Information Commissioner's Office (ICO) website.

Does GDPR apply to US citizens visiting the EU?

Note that the law specifically applies to EU residents rather than citizens. It does not apply to EU citizens while they reside in the United States. However, it does apply to United States citizens when they provide data to the University while temporarily located in the EU.

Does GDPR apply in Australia?

Obviously the GDPR applies to Australian organisations with an established presence in the EU, as in, for example, having a branch office in one or more of the EU member states.

What are the 6 legal bases of GDPR?

Article 6 of the General Data Protection Regulation (GDPR) sets out what these potential legal bases are, namely: consent; contract; legal obligation; vital interests; public task; or legitimate interests.

Which countries have no data?

Some countries do not regularly report data due to conflict, lack of statistical capacity, or other reasons (e.g. Somalia, North Korea, and some Caribbean and Pacific island economies).

Which country has imposed the biggest GDPR fine?

Meta GDPR fine: €1.2 billion. In May 2023, in a groundbreaking decision in the past five years of GDPR enforcement, the Irish Data Protection Commission (DPC) imposed a historic fine of €1.2 billion on US tech giant Meta.

Is Germany a GDPR country?

Germany adjusted its legal framework to align with the GDPR through the new German Federal Data Protection Act (BDSG), which came into force on May 25, 2018. The BDSG leverages GDPR's opening clauses, allowing Member States to tailor or restrict certain data processing requirements.

Where does GDPR not apply?

In short, the EU's General Data Protection Regulation (GDPR) doesn't apply if your business doesn't operate within the EU, doesn't process personal data, or if you're only processing data for domestic purposes.

What are three countries not in the EU?

Three countries not in the EU are the United Kingdom, Switzerland, and Norway, though many others exist like Iceland, Russia, and microstates like Monaco, each with varying relationships with the EU, from former membership to close economic ties.
 

What is illegal in Switzerland after 10pm?

After 10 pm it is illegal to slam car doors, wear high heels in your apartment or flush the toilet because it could disturb the neighbors. This statutory “Nachtruhe” (night rest) applies from 10 pm to 6 am.

Does the USA follow GDPR?

Are US companies subject to GDPR? Yes, the GDPR can apply to businesses in the US or any business outside the European Union. As per Article 3 of the GDPR, the territorial scope of the GDPR applies to businesses regardless of whether the processing takes place in the European Economic Area (EEA).

Which country has the strictest privacy laws?

Which Country Has the Strictest Data Privacy Laws? The country with the strictest data privacy laws related to the internet is Iceland. Many people have referred to Iceland as Switzerland for data. It has incredibly strict privacy laws, and these laws were passed in 2000.

What are the 7 rules of GDPR?

The 7 principles of GDPR (General Data Protection Regulation) are: Lawfulness, Fairness & Transparency (process data legally, fairly, openly); Purpose Limitation (use data only for specified, legitimate reasons); Data Minimisation (collect only necessary data); Accuracy (keep data correct and up-to-date); Storage Limitation (don't keep data longer than needed); Integrity & Confidentiality (secure the data); and Accountability (demonstrate compliance).
 

Does Ukraine follow GDPR?

GDPR is not mandatory for the collection and processing of personal data in Ukraine. Instead, the Ukrainian law “On Personal Data Protection” (in Ukrainian: https://zakon.rada.gov.ua/laws/show/2297-17) applies.

Is using a VPN illegal in Russia?

The new version of Russia's law “On advertising” prohibits promoting VPNs that allow users to bypass the blocks imposed by Russia's federal censor, Roskomnadzor. Violating the ban is a misdemeanor offense, with fines up to 80,000 rubles ($990) for individuals and up to 500,000 rubles ($6,200) for organizations.

Does GDPR apply to Iceland?

Summary: As Iceland is a European Economic Area (EEA) member, the GDPR applies by virtue of Decision No. 154/2018 of the EEA Joint Committee. The Act 90/2018 on Privacy and Processing of Personal Data (the Act) implements the GDPR in Iceland.