GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states.
The GDPR does not simply apply to EU domestic business, but to companies worldwide that target their goods and services to European citizens. GDPR applies to controllers and processors that are handling the personal data of European individuals.
The penalties for non-compliance are significant and are separated in two tiers. It vary depending on many factors including – among others – the duration of the infringement, the number of the data subjects affected and the level of impact.