GDPR impacts any organisations, whether it’s based inside or outside the EU, that processes the personal data of people within the European Union. This includes a wide range of entities, from businesses to non-profits, and applies to both data controllers, who decides how and why data is processed, and data processors, who handle the data on behalf of controllers. GDPR also directly affects individuals by granting them specific rights over their personal data, ensuring that organisations are responsible for protecting this data and following the regulation’s strict requirements.