The General Data Protection Regulation (GDPR) is an
evolution of EU privacy law. It came into force on 25th
May 2018. Though an EU law, it applies to anyone
collecting or processing personal data from consumers in
the European Economic Area, so its scope is not limited
to EU businesses only. The EEA comprises the EU Member
States and Iceland, Liechtenstein, and Norway.