This document outlines the key considerations for determining if an organization is subject to GDPR regulations, including if the controller or processor is established in the EU, processes personal data of EU individuals outside the EU, or processes personal data where international public law applies. It also lists the core principles of GDPR around data protection, individual rights, security measures, and breach procedures. Exemptions are noted.