The General Data Protection Regulation (“GDPR”) is a regulation in European Union (EU) law on data protection and privacy for all individuals within the EU and the European Economic Area (EEA). It focuses on data security and protection and on the user control of the data. According to EU it is the most important change in the data privacy regulation in 20 years. It reshaped the way in which the data is handled. The European Union’s General Data Protection Regulation which came into effect on May 25 2018 has put consumers in charge of their online data. Attributable largely to the scope and reach of the internet, several businesses operating out of India now have the ability to target customers globally. Under GDPR, if an entity, while offering its goods or services, targets persons in the EU and consequently collects and processes personal data of such persons, then the entity in question is required to comply with the rules and processes set out in GDPR. Hence, any business operating out of India that targets persons from the EU and consequently controls and processes personal data of a person in the EU needs to comply with GDPR.
General Data Protection Regulation (GDPR) – Freedom from Interference by Prateeksha Dalela
https://www.lexology.com/library/detail.aspx?g=3f4c4ffd-f7ab-4708-b4f5-2fedd22f6acf