GDPR is a new privacy regulation across the EU and it provides individuals with more control over their personal data, ensures transparency about the use of data, and requires security and controls to protect data. GDPR compliance is not a one-time activity, but is an ongoing process.
The GDPR takes effect on May 25, 2018. It will replace the existing Data Protection Directive (Directive 95/46/EC), which has been in force since 1995.
The law imposes new rules on companies, government agencies, non-profits, and other organizations that offer goods and services to people in the EU and EES or that collect and analyze data tied to EU/EES residents—and it applies no matter where they are in the world.