This is a new pan European regulation, replacing countries individual data protection laws. In this respect it should help companies operating across borders. Such companies will only have to be regulated by the authority where they are based. The legislation reaches further, covering all organisations in the EU as well as those outside that process and control the data of EU citizens.
Many points are not new being part of the existing DPA. But, with GDPR, there is more detail, a wider scope and changes to reflect digital developments.
The act also covers, data security, system integrity and awareness. In the event of a data breach you must notify the authorities and individuals.