The GDPR regulation has a very wide scope. The effect GDPR would have on an organization would be immense. This regulation won’t only affect organizations in the European Union, but it will also affect organizations outside Europe – as long as they deal (in the essence that they store, process, use, etc.) with the data of the EU citizens. GDPR calls the latter the principle of extraterritoriality – which means regardless of where an organization is established, or where it processes data, GDPR applies to them regardless.

The bottom line is, GDPR could apply to just about any organization in the world, it is only left for all organizations to perform a deep analysis if they are knowingly or unknowingly processing the data of EU citizens. Because failure to do so can lead to a breach of personal data which can in turn lead to lawsuits and fines.