The General Data Protection Regulation (GDPR) is an European Economic Area ("EEA") law on data protection and privacy for all individuals within the EEA. It also addresses the export of personal data outside the EEA. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EEA.
The GDPR extends the scope of EEA data protection law to all foreign companies processing data of EEA residents. It provides for a harmonization of the data protection regulations throughout the EEA, thereby making it easier for non-European companies to comply with these regulations.
In other words, the law protects every EEA citizen when they visit your web site, no matter where you or your business is located anywhere in the world. Hence our default privacy settings are strict and the only personal data logged by default is a randomly generated Unique ID (UID) stored in a cookie.
GDPR considers a UID to be "personal data", even though it does not identify who you are or reveal anything else about you. However, per Article 6 of the GDPR, use of this cookie does not require a visitor's direct consent because it is "necessary for the purposes of the legitimate interests" of a web site using the service (knowing how many unique visitors access a site is a vital statistic and hence a "legitimate interest").