GDPR was something that was mentioned several times during the last week’s lecture so I looked it up. The 3-minute-long video below by WSJ explains the regulation in a really concise manner.
Even if its headquarter is not located in a EU country, any organization that 1) carries on business in EU, 2) electronically provides goods/services to EU residents, or 3) monitors the activities of EU residents must comply with GDPR. …that seems to cover most global corporations. And as Willy mentioned last week, such corporations tend to line up their global policy with the most strict regulations out there so GDPR will likely become the new standard to which everyone will adapt.
Hope you find this information helpful!