The General Data Protection Regulation came into effect on 25 May 2018. It applies specifically to the processing of personal data in the European Union and personal data of EU citizens around the world. This means that companies operating outside the EU may need to comply with this Regulation.
While the GDPR is a recent development, data protection legislation in Europe is not new. In 1995, a directive of the EC required all member countries to introduce data protection legislation in accordance with a common set of requirements. However, countries like Germany have had data protection legislation for over forty years.