The General Data Protection Regulation (GDPR) designed to give citizens in the European Union (EU) more rights to control their personal information also applies to an Indian entity if it monitors the behaviour of individuals in the EU. Non-compliance of GDPR rules can cost companies a fortune -- 20 million Euros or four per cent of annual turnover. "The scope of GDPR is very wide. It does not matter whether you are in the EU or outside," Supratim Chakraborty, Associate Partner at the law firm Khaitan & Co, told IANS. "If you are providing goods and services through the data subjects in EU, you will be covered under the ambit.