The General Data Protection Regulations (GDPR) are European government regulations designed to protect consumers from unwanted commercial emails. Like the CAN-SPAM law in the US and CASL in Canada, GDPR has been put in place to protect the data privacy of EU citizens.
GDPR is more complex than the other two regulations in that it not only impacts email communications but also dictates the way companies can gather, store, protect and use personal data. Consumers provide clear consent to receive communications from a company.
Effective May 25, 2018, GDPR applies to all companies doing business in the EU and offering goods or services to customers in Europe. In short, any company that processes the personal data of people residing in the EU, regardless of where the company is located.