The recently enforced General Data Protection Regulation (GDPR) applies to all organisations offering goods or services or marketing to individuals in the EU, regardless of company size or where the company or data is located.
TÜV Rheinland Blog - Stories from Asia and Africa
Enforced as of May 25 2018, wireless device manufacturers that plan to sell in the European market must comply with the GDPR’s tight regulations for keeping personal data private and protected if their products process such data. Failure to comply with the regulation results in major financial penalties. Companies could face fines up to €20 million or 4% of its annual turnover.