The General Data Protection Regulation (GDPR) is a new pan-European regulation, which came into effect on 25 May 2018, replacing the 1995 EU Data Protection Directive.

On the same day, the UK’s Data Protection Bill also pass into law, as the Data Protection Act 2018, effectively implementing the GDPR into UK law.

GDPR, and the Data Protection Act 2018, expand the privacy rights granted to data subjects (EU/EEA individuals) and place greater obligations on organisations who handle personal data of those individuals (data controllers and processors), wherever those organisations are based.