The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years. The enforcement date is 25 May 2018.
The EU GDPR replaces the Data Protection Directive 95/46/EC. If you process data about individuals in the context of selling goods or services to citizens in other EU countries then you will need to comply with the GDPR, irrespective as to whether or not the UK retains the GDPR post-Brexit.
The GDPR not only applies to organisations located within the EU but it will also apply to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of subjects residing in the European Union, regardless of the company’s location.
For further information please visit the EUGDPR website.