The GDPR is a new law that determines how your personal data is processed and kept safe. The regulation applies from 25th May 2018 and will apply when the UK leaves the EU.
The key principles being:
• Data must be processed lawfully, fairly and transparently
• It must be collected for specific explicit and legitimate purposes
• It must be accurate and kept up to date
• It must be held securely
• It can only be retained for as long as necessary for the reasons it was collected