Nowadays, any organization which processes personal data of European Citizens should comply with the EU GDPR.
While compliance is mandatory, and non-compliance may prefigure significant sanctions -up to 20M Euros or 4% of annual turnover- the GDPR should rather be viewed as an opportunity
to improve the overall security posture of your business.