This Practice Note discusses the territorial scope of the General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR). This applies whenever the use of personal data by an organisation relates to: (i) the offering of goods or services to individuals in the EEA, irrespective of whether a payment is required, or (ii) the monitoring of those individuals’ behaviour in the EEA.