The GDPR applies not only to businesses physically present in the E.U., but also to those that market goods or services to individuals located within the E.U. or that monitor the behavior of E.U. individuals. A recent Cybersecurity Law Report program analyzed the broad jurisdictional reach of the GDPR and provided practical examples of the types of activities that could subject a non-E.U. business to the regime. Matt Fleischer-Black, senior reporter at Cybersecurity Law Report, moderated the program, which featured Vivienne Artz, chief privacy officer at Refinitiv, Ltd., and Bridget Treacy, a partner at Hunton Andrews Kurth. See “Broad but Limited Reach of GDPR Highlighted in ECJ Google Ruling on ‘Right to Be Forgotten’” (Oct. 30, 2019).