This is a question that has the most doubts: “Who needs to adapt?". For example: 1 - If you have a company in Brazil and sell products or services and process personal data from residents in the EU, in this case your company must conform to the GDPR. 2- If you have a company located in the EU and handle personal data.

Transcribing here part of Article 3 of the GDPR:

1.This Regulation applies to the processing of personal data carried out in the context of the activities of an establishment of a controller or a subcontractor located in the territory of the Union, regardless of whether the processing takes place inside or outside the Union.

2.This Regulation applies to the processing of personal data of holders residing in the territory of the Union, carried out by a controller or processor not established in the Union, when the processing activities are related to:

a)The provision of goods or services to such data subjects in the Union, regardless of the requirement for data subjects to make a payment;

b)Control of their behavior, provided that such behavior takes place in the Union.