GDPR is a European Union (EU) and UK privacy law that gives data subjects more rights and control over their personal data and its use.
The GDPR applies to any organization that processes or controls the personal data of data subjects, regardless of whether the organization is based in the EU.
If you are processing the personal data of ‘data subjects,’ then you must comply with GDPR regardless of where you live.
Two levels of administrative fines can be levied (on a case-by-case basis) for not complying with GDPR:
1) Up to €10 million ($12.5 million), or 2% of annual global turnover (whichever is higher).
2) Up to €20 million ($24.73 million), or 4% of annual global turnover (whichever is higher).