Does my organization need to worry about GDPR?
GDPR was one of the first laws enacted that requires compliance from organizations based outside of its jurisdiction. This means that if you collect personal data from European residents by offering them products and services or by monitoring them, GDPR will apply to you even if you are not based in Europe.
GDPR has a very broad interpretation of what constitutes personal data – it can include anything from names and email addresses, as well as data collected through cookies, and IP addresses collected for analytics purposes. Because of this, the scope of GDPR can apply to organizations large and small all over the world.