The GDPR applies to companies that process the data of EU residents, whether or not the companies are also located in the EU.
Regulators are critical of a lack of transparency and lagging adoption of privacy measures. Additionally, all major markets will face privacy regulation in the coming years. Consumers are also increasingly concerned about their privacy and data.
A focus on privacy and user trust increases revenue, as privacy progressively becomes a premium consumers are willing to pay.