The GDPR (General Data Protection Regulation) is the biggest data protection reform since 1995. GDPR fundamentally alters the way companies store, handle, source and distribute data that they collect from the clients in the European Union. As a result, Organizations should be aware of, and plan for, the safeguarding of individual privacy when they are developing their processes for collecting, processing, and managing data they collect from their customers and clients.
General Data Protection Guidelines intend to provide a formal legal expression of the concept of personal data protection. In addition, The GDPR offers a range of significant challenges and opportunities for businesses of all sizes.
Here are the seven GDPR principles for lawful processing of personal data:

Not only that, the EU citizens now have a whole new set of rights because of GDPR:
Must give explicit consent to the processing of their personal data.
Must have easy access to their personal data.
Has the right to request that all data that belongs to them be erased.
Object to the use of their data for the purposes of ‘profiling’.
Move their data easily between organizations or service providers (‘data portability’).
Must be able to easily access information about the processing of their data.