The General Data Protection Regulation (GDPR) is a European law adopted by the European Parliament in May 2017 with 392 votes in favour, one abstention and one against that governs how companies’ personal data — EU-based or not — is used and how they deal with it and was a. It replaces the outdated 1995 Data Protection Directive.
The GDPR establishes a new standard for the protection of digital personal data related to behaviour on the Internet and in the real world. This standard applies to the private data of internet users in the EU, regardless of which company holds its data.
Simply put, if you have customers in an EU country and collect data about those customers as a result of your business transactions, you are subject to the provisions of the GDPR. This is because the size and scope of a company mean that any company with an internet presence can potentially be the subject of this law. They will be a business that does business with EU citizens, regardless of location or business.
It replaces the existing law on the use of personal data and enters into force on 25 May 2018 and applies to businesses in the European Union (EU and also to all members of the EU and the EEA, replacing many statutes in its current legislation, which are contained in the European Convention on Human Rights (ECHR) and European Union (EU) law.