GDPR is the European Union’s General Data Protection Regulation. It applies to any organization that holds or processes personal data of a person located in one of the EU member states. Unlike the current European Union Directive (Directive 95/46/EC), it applies to companies outside of the EU that offer goods and services to people in the EU. It also imposes new obligations on such organizations regarding how personal data is processed and which consent and disclosures are required regarding the collection and processing of information.