The GDPR achieves two main objectives:
- It sets out clear rules about how personal data should be processed
- It gives people in the EU more rights and greater control over their personal data
This is probably the most comprehensive data protection law the world has ever seen. And it doesn't only to EU businesses. It applies to anyone, from an individual website developer to a massive social media company, so long as they:
- Offer goods and services to people in the EU, or
- Monitor the behavior of people in the EU
This is regardless of whether they are established in the EU or not. That means companies all over the world have to comply, whether they're from the United States, Australia, or South Korea.