GDPR applies to anyone who is processing personal data. Every company that operates in European Union has to change the way they see, process and secure personal data. Additionally, any company in the world that wants to make business with firms in EU also has to shift their view, technology and resources towards securing these goals.