There will be circumstances where GDPR does not apply. This can be because the data used to provide the service is not included in the definition of personal data under Article 4 of GDPR, or because the nature of the services Verizon is providing is not considered Processing under Article 4 GDPR.
Example: An EU based customer purchases network services from Verizon. Verizon does not have logical access to any customer data in connection with the services. Verizon is not considered a Processor as it is a ‘mere conduit’ of the data (Article 2(4) GDPR and Article 12 Directive 2000/13/EC).
Example: An EU based customer purchases pure co-location services from Verizon in Amsterdam. The customer’s servers reside in Verizon’s data centre but Verizon provides only space, power, cooling, and physical security for the server. This is not considered processing under GDPR.
Where Verizon is a Processor, customers should understand what Verizon is doing with their personal data.