The General Data Protection Regulation (EU) 2016/679 (EU-GDPR) was adopted by the European Parliament and the Council of the European Union in April 2016 and came into force on May 25th 2018.
GDPR constitutes on of the most comprehensive data protection laws in the world and is said to have been the inspiration for similar laws across the globe, including CCPA. GDPR has had a massive impact beyond Europe due to it's leg out principle: Both businesses based in the EU and businesses collecting or processing data for customers in the EU are in scope.
GDPR is relevant to any organization that is engaged in professional or commercial activity and collects or processes personal data (either by determining the purposes and means of processing or by processing the data on behalf of another).
The definition of personal data is broad and covers any information from which a person (data subject) can be identified or potentially identified. This includes cookies, IP addresses, geolocation and data that has been encrypted, de-identified or pseudonymized but could be used to re-identify an individual.