GDPR (General Data Protection Regulation) will come into force from 25th May 2018. GDPR applies to personal data regardless of the size of the organisation.

The GDPR is similar to the existing Data Protection Act 1998, but has a change of emphasis to try and encourage people to take the protection of data more seriously. It is your responsibility to keep personal data secure and ensure individual's rights are respected. Failing to do so will incur hefty penalties.

Please see the link below from the Information Commissioner's Office highlighting the steps you should now be taking: 

If you need any further advice regarding this new legislation, please contact us.