For the GDPR, an extraterritorial regime applies. This means that the GDPR rules apply to persons who process the personal data of EU residents and citizens, regardless of the place of incorporation and residence. That is, if a company processes personal data of users from the EU, it is obliged to comply with the GDPR regulation. In theory, if a company does not collect and process this kind of data, it will not fall under the GDPR. In practice, every company must be audited for "falling" under the GDPR.