The General Data Protection Regulation (GDPR) is the European Union's data protection legislation. It applies to organisations located within the EU and organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location. In most respects it is similar to the Protection of Personal Information Act (POPIA), however it does not apply to juristic persons. In South African juristic persons are afforded data protection similar to that for natural persons.