In April 2016, the EU adopted a new legal framework for data protection: the European General Data Protection Regulation (GDPR). It was the result of years of discussions and negotiations and came into force on 25 May 2018 after a two-year transition period. It replaced the 1995 EU Directive and is binding for all member states. The EU member states also have the option of concretising the GDPR through national data protection laws - in Germany, for example, there is the "Federal Data Protection Act (BDSG)".
The GDPR applies EU-wide in all member states. This means that it not only establishes standardised EU-wide data protection regulations, but can also be applied to cross-border issues.
The GDPR regulates the protection of personal data of EU citizens, which means that it also applies to companies based outside the EU if these companies process data of EU citizens.
More and more countries are introducing data protection legislation. Many of these laws are strongly influenced by the GDPR. It is seen as a model for many other countries and is one of the most far-reaching regulations for the protection of personal data (Source).
Sources: https://www.bfdi.bund.de/DE/DerBfDI/Inhalte/Datenschutzpfad/Geschichte-Datenschutz.html