In December 2016, the EU Parliament and Council agreed upon the EU General Data Protection Regulation (GDPR), first proposed in 2012, and as of May 25, 2018, it is in effect.
The GDPR offers a framework for data protection with increased obligations for organizations, and its reach is far and wide. It is applicable to any organization — no matter where it resides — that intentionally offers goods or services to the European Union, or that monitors the behavior of individuals within the EU.