On the 25h of May this year, the new General Data Protection Legislation (GDPR) will be coming into force in the European Union. This legislation affects all companies based in the European Union, as well as any company that does business with customers (including both individuals and corporations) based in the European Union, so it is effecting millions of people and hundreds of thousands of companies.
It addresses the export of personal data outside the EU. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. When the GDPR takes effect, it will replace the 1995 Data Protection Directive (Directive 95/46/EC). It was adopted on 27 April 2016. It becomes enforceable from 25 May 2018, after a two-year transition period. Unlike a directive, it does not require national governments to pass any enabling legislation and so it is directly binding and applicable.
This means the impact is most felt by companies using cloud products as cloud products open up opportunities for data to cross borders. So in simple terms the GDPR is about protecting the data of individuals.