The EU General Data Protection Regulation (GDPR) replaces the EU Data Protection Directive 95/46/EC (DPD). It is a common law for all EU countries to support the secure, liberal movement of data across EU boundaries. It puts data subjects at the forefront of data security and aims to protect all EU citizens from privacy and data breaches. If you control and process Personally Identifiable Information (PII) or sensitive personal information of EU citizens you must comply with the regulation by May 2018. Even if you do not have offices or employees in the EU zone you must still comply.