What is GDPR?
GDPR seeks to give people more control over how organizations use their data, and introduced hefty penalties for organizations that fail to comply with the rules, and for those that suffer data breaches. It also ensures data protection law is almost identical across the EU.
The GDPR will apply in all EU member states starting May 25, 2018. Even if controllers and processors are based outside the EU, the GDPR will still apply to them so long as they’re dealing with data belonging to EU residents.
‘Controllers’ and ‘processors’ of data need to abide by the GDPR. A data controller states how and why personal data is processed, while a processor is the party doing the actual processing of the data. For example, you are the data controller, and MailChimp is a data processor.
Some resources that might be helpful:
But, for more specific information, always consult a lawyer.