Who does the GDPR affect?

The protection of personal data under the new GDPR legislation will not only apply to natural and legal persons residing or established in a Member State, or to entities which physically place the personal data processing means in the territory of a Member State, but the new legal regulation will apply to all controllers which have their establishments in the European Union (EU), even though the actual processing is performed outside the EU, and it will also apply to controllers which are not established in the EU, but which process personal data of persons located in the EU and whose processing activity consists in offering goods or services to persons in the EU or in monitoring of behaviours of such persons in the territory of the EU.