According to the EU, the GDPR will apply to any company that processes or stores the personally identifiable information (PII) of EU citizens. Whether they have a presence in the EU or not, companies must comply with the GDPR. Non-compliance could be very costly, with fines up to 4% of annual global turnover or €20 million (whichever is greater).
Here are some GDPR highlights:
GDPR protects basic identifiers like your name, address, or ID numbers. Web data, IP addresses, cookies, etc., and health, genetic, and biometric data are also covered, as are data on race or ethnicity, sexual orientation, or political opinions.
Here are some of the key provisions:
If you want to know more about the GDPR, you can go to the official GDPR information site here: https://ec.europa.eu/info/law/law-topic/data-protection_en.