We're sorry but your browser is not supported by Marsh.com

For the best experience, please upgrade to a supported browser:



General Data Protection Regulation - Implications Beyond the EU


The General Data Protection Regulation (GDPR) can have broad extraterritorial reach and may apply to companies in Singapore.

Singapore organisations may be subject to the GDPR if they have an establishment within the EU, offer goods or services to EU individuals or monitor the behavior of EU individuals.

Examples of Singaporean businesses that may be impacted by the GDPR include:

  • A Singapore business with an office in the EU.
  • A Singapore business whose website targets EU customers, for example, by enabling them to order goods or services in a European language (other than English) or enabling payment in euros.
  • A Singapore business whose website mentions customers or users in the EU.
  • A Singapore business that tracks individuals in the EU on the internet and uses data processing techniques to profile individuals to analyse and predict personal preferences, behaviours and attitudes.