The GDPR not only applies to organizations located within the EU but also applies to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of, EU data subjects.
It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.
The GDPR regulates the processing of a data subject’s personal data in the European Union including its collection, storage, and transfer or use.
The GDPR gives data subjects more rights and control over their data by regulating how you should handle and store any personal data they collect.
The personal information defined by GDPR includes basic information (name, address, etc.), web information (location, IP address, cookie data, RFID tag, etc.), health/genetic information, iometric information, racial/ethnic information, political opinion, and sexual orientation.