Similar to the Data Protection Act (DPA), the General Data Protection Regulation (GDPR) will affect any organisation holding personal data of E.U. citizens. This project that the European Commission has been working on since 2012, will be effective from May, 25th 2018. The new regulation heavily refers to an organisation’s handling of Personal Information. More specifically, this refers to information that an organisation holds which could “identify, directly or indirectly, in particular by reference to an identifier such as name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological genetic, mental, economic, cultural or social identity”. Changes will be also implemented regarding data controllers. They will be asked to be more transparent and provide evidence on how they comply with GDPR. Despite Brexit, the UK is expected to adopt a national data protection regime and align it with the EUs. For more information read this article about preparing for the GDPR.