The EU General Data Protection Regulation (GDPR) replaces the DPA 1998 in May 2018, bringing with it much stronger protection for personal data and placing privacy at the heart of data processing. Accompanying the new regulations are significant penalties of up to €20m or 4% of global turnover, whichever is the higher, for non-compliance.
It is one of the biggest compliance and security challenges faced by organisations and will not be affected by Brexit. Every organisation that processes personal data of individuals in the EU, regardless of where the processing is undertaken, needs to comply.