Who must comply with GDPR and what are the penalties for non-compliance?
The GDPR applies to any companies that process data of EU residents and also covers EU organisations and non-EU companies that offer goods or services to EU residents. All these organisations should be compliant else they risk being fined up to 4% of their annual global turnover (revenue) or €20 million, whichever is greater. Companies may also see their reputation hurt by fines or reprimands.