Although Europe already has some of the world’s most stringent data protection laws, those protections will be upgraded when the General Data Protection Regulation (GDPR) comes into force in May 2018. Although it is obvious who is responsible for maintaining security of data held in in-house systems (you are), the modern operating environment is much more complicated.

The GDPR enhances the rights and principles already defined in the
Directive and the DPA