Generally, the GDPR applies to EU-established entities and on a long-arm, extraterritorial basis to entities which offer goods or services to or who monitor individuals in the EU. Thus, the GDPR may apply to companies in the non-EU countries, if either criterion is met.
It is important to note that interpretations must be made on a case-by-case basis, considering both the degree of stability of the arrangements and the effective exercise of activities in Member States in the light of the specific nature of the economic activities and the provision of services concerned.
Our Burcak Unsal and Mert Yasar explained the much debated “Territorial Scope of the GDPR” with solid examples on their article Lexology. Please feel free to discuss your thoughts on the comments section. Do not hesitate to contact Mert Yasar for more information on GDPR and KVKK.