The General Data Protection Regulation applies to personal data processing linked to the EU, either when the entity processing the personal data is established within the EU or when an entity outside the EU offers goods and services to people within the Union or monitors their behavior here.
