The GDPR was approved and adopted by the EU Parliament in April 2016. The regulation will take effect after a two-year transition period and, unlike a Directive it does not require any enabling legislation to be passed by government; meaning it will be in force May 25 2018.
The first question we are asked is:
Does this apply to me?
The GDPR not only applies to organizations located within the EU but it will also apply to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.
Penalties if you are not complaint will reach 4% of your global business.
What it covers:
Any information related to a natural person or ‘Data Subject’ that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
If this applies to you then please visit, https://www.eugdpr.org/eugdpr.org.html. Google has already sent message to many businesses. Everyone is trying to get the word out to be sure they are compliant.