The GDPR contains regulations for the protection of natural persons when processing personal data. The GDPR is in force since May 25th, 2018 and applies therefore to all organisations that are based in Europe or that are offering products and/or services to customers in Europe.
However, it does not only apply to organisations but also to businesses, authorities, clubs and individuals that are processing personal data outside of the private or domestic sphere.
The heart of the GDPR are the principles relating to personal data processing mentioned in Article 5, e.g. data minimisation or storage limitation.