The General Data Protection Regulation (GDPR) is a data protection law in the European Union (EU).
The GDPR replaces the existing Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens' data privacy, and to reshape the way organizations approach data privacy.
Who Does GDPR Apply To?
The GDPR applies to all companies that process personal data of people who live in the EU, regardless of where those companies are based. The law applies to both controllers and processors, meaning that any company that processes personal data of people in the EU must comply with the GDPR. For example, if you're an ecommerce business or online retailer based outside of Europe but process payment details for European users, then you would need to comply with this regulation.
The GDPR also applies to citizens outside the EU.