You'd have to be living on Mars not to know that the General Data Protection Regulation (GDPR) is now in force. Its strict provisions must be complied with (the penalties for failing are swingeing) and it is practically impossible to run any organisation or business which keeps records without having to have compliant procedures. It is not only necessary to observe the new rules but also to be able to prove compliance.
If you have not yet made your organisation – be it a service provider, charity, educational establishment, club or other business – GDPR compliant, you should contact us immediately: the 'light touch' enforcement promised by the Information Commissioner's Office for smaller organisations may not last long.
What is less well reported is that the new Data Protection Act 2018 (DPA 2018) came into force on 23 May. The 'big point' here is that the penalties for various sorts of data breach and other failures have been ramped up, some being made criminal offences.
The Information Commissioner's Office has comprehensive guidance on the GDPR, and detailed guidance on the DPA 2018 will be available shortly.