The entry into application of the EU General Data Protection Regulation (GDPR) on May 25, 2018 has raised questions about its impact on data processing by intergovernmental organizations that operate under public international law (referred to here as international organizations or IOs). EU data protection law can have impact beyond EU borders, and the global reach of EU law is a well-recognized phenomenon. 1 The GDPR contains numerous references to IOs but does not state whether it applies to them, and this uncertainty has led to tensions between IOs and the European Commission. The issues surrounding IOs’ processing of personal data show how the GDPR can give rise to unexpected questions under public international law, and illustrate the need for greater engagement between EU law and international law.