The GDPR not only applies to organisations situated within the EU but also applies to those located outside of the EU if they process, store or transmit personal data belonging to EU residents. In that case, the organization will almost certainly be required to comply with it. It applies to all organizations processing and holding the personal data of data subjects residing in the EU, regardless of the organization’s location.