By Carmen Tang, Senior Associate, Digital Business Practice Group, Oldham, Li & Nie: The General Data Protection Regulation (GDPR), a single, pan-European law for data protection which will come into force on 25 May 2018, operates to regulate the processing of personal data in the context of the activities of an establishment of a controller or a processor in EU, regardless of whether the processing takes place in EU or not.