The General Data Protection Regulation applies to all companies based in the EU and those with EU citizens as customers. It has an extraterritorial effect, so non-EU countries are also affected. If UK companies have EU citizens as customers they will still have to comply with the GDPR.

Keep reading