Are EU Citizens Living in the US Secured by GDPR?

The General Data Protection Regulation (GDPR) in general is applicable to European Union residents in the EU. However how does the GDPR affect EU citizen when he leaves his country and reside in the US or some other non-EU nation? What if an EU resident goes on a trip in a non-EU nation? One more related concern is what if a non-EU citizen briefly lives in the EU? How does the GDPR apply to a US citizen going to the EU for business, pleasure or learning? We need to take a look at each case and see how the rules will apply.

EU Citizens Living in the United States

The GDPR is in fact not focused on citizenship. What is important is if an individual is located or living in the EU.  When an individual is living in an EU country, the GDPR protects his personal data. If an individual with EU citizenship goes out of the EU, he is not protected by the GDPR. Even though he goes to the United States, for instance, and interacts with an EU company that records his personal data, the GDPR wouldn’t apply. However, the US federal and state laws, if any, would apply.

Americans Living in an EU Country

The GDPR protects the personal data of any person who is living in an EU country. An American who travels to Belgium, for example, and gives his personal data to a company for whatever reason, would receive the same GDPR security as any person residing in the EUt.

Is Business Location Important?

The GDPR requires businesses to safeguard the personal information of individuals living in the EU. Hence, it isn’t important if the company is physically based in an EU state. If a business gathers or processes the personal information of a man or woman living in the EU, it should abide by the GDPR regulations.

For EU citizens who have gone to the United States and live there, there is no particular law that safeguards his personal data privacy. There are certain laws such as The Health Insurance Portability and Accountability Act (HIPAA), which merely protects the medical data of patients when recorded, stored or transmitted by a healthcare provider. An alternative for HIPAA covered entities to comply with the GDPR is to implement the same requirements and standard of protection to all PHI just like personal data. Using this solution, EU citizens residing in America could get similar personal data protection like those residing in the EU.

About Christine Garcia 1310 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at