Another case where the rules of the Regulation apply despite the fact that the data controller does not have an establishment located in the EU territory, is in a situation where, according to international law, the law of a State member of the EU shall be applied1.

Recital (25) proposes examples of diplomatic missions or consular posts in a Member State: "Where Member State law applies by virtue of public international law, this Regulation should also apply to a controller not established in the Union, such as in a Member State's diplomatic mission or consular post."

1. See art. 3.3 Reg. 2016/679 which rephrases art.4.1 (b) Dir. 95/46/EC.