GDPR (General Data Protection Regulation) is a provision of the European Union with which the European Parliament, the Council of the European Union and the European Commission enhance and standardize the protection of personal data of all the citizens of the EU. The Regulation also covers the export of personal data from the European Union.
GDPR is primarily directed at enabling the citizens to control their own personal data and at the simplification of the regulatory environment of the international economic relationships by harmonizing the regulations within the European Union.
The important point is that GDPR is applicable to both the one who precesses data and the one who collects it. The entity collecting data determines the aim and the significance of such processing, and the processing entity bears responsibility for direct processing, but both of them are liable for compliance with GDPR.