The legislation for this was adopted last year and is expected to be implemented in May 2018. By that time, the UK’s status within the EU may have changed. However, according to the Information Commissioner’s Office (ICO), the regulations will still have an impact on UK firms. This will certainly be the case for any organisations that expect to operate within the EU or to trade within the single market. The requirements under GDPR are broadly similar to those of the DPA, but they give additional weight to the rights of the subjects of any data collection, most obviously in terms of penalties.
If you are already operating good risk management, including being transparent about your data collection and storage and ensuring that your clients consent to you collecting and recording their data, then GDPR is not likely to be very onerous. But it is worth checking the Lockton website, which has useful guidance on GDPR and what it means for you. You should also check the ICO website and our website for updates, because the precise requirements are likely to evolve over the coming months.