Group Companies EU Data Protection Laws GDPR Statements The eu data protection regulation (GDPR) standardises data protection law across all 28 European Union countries and imposes strict new rules on controlling and processing personally identifiable information (PII). It also extends the protection of personal data and data protection rights by giving control back to European Union residents. GDPR replaces the 1995 European Union Data Protection Directive, and goes into force on May 25, 2018. It also supersedes the 1998 United Kingdom Data Protection Act. There are many essential items in the regulation, including increased fines, breach notifications, opt-in consent and responsibility for data transfer outside the European Union. As a result, the impact to businesses is huge and will permanently change the way customer data is collected, stored, and used. General Data Protection Regulation applies to all organisations holding and processing European Union resident’s personal data, regardless of geographic location. Many organisations outside the European Union are unaware that the European Union General Data Protection Regulation regulation applies to them as well. If an organisation offers goods or services to, or monitors the behaviour of European Union residents, it must meet General Data Protection Regulation compliance requirements.