You will have heard of the GDPR, which was approved by the European Commission in 2016. The GDPR will supersede the Data Protection Act (DPA) of 1998.
The GDPR was created and implemented through an effort to better monitor the processing of personal data. Processing is defined as harvesting, storing or making use of personal information. The creation of additional regulations is largely driven by the increasing use of technology in the workplace.
GDPR applied to any organisation that provides goods or services to or monitors the behaviours of EU citizens. The goal of GDPR is to help individuals feel that their Personally Identifiable Information (PII) is safe when entrusted to organisations.
The GDPR compliance is 25th May 2018. To be compliant organisations must establish a system that documents all data processing activities and ensures lawful processing methods. Organisations must know where all personal data held came from, how it is stored, and to whom it has been distributed.