Any organization operating inside of the EU must adhere to the GDPR, as well as any organizations outside of the EU that provide goods or services to consumers or businesses within the EU. As a result, the GDPR has an impact on data protection laws globally and has led to significant changes in how organizations around the world collect and treat consumer data.

Specifically, the GDPR defines two types of data-handlers who must abide by the regulations:

• Controllers: These parties are described as a “person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing of personal data."
• Processors: This group includes a “person, public authority, agency or other body which processes personal data on behalf of the controller."