New rights, new responsibilities and new obligations are coming into force with the new Data Protection Rules due in May 2018.
The new law fundamentally affects the way everyone uses data to market, provide services and run businesses. Amongst other things it will require you to notify the Information Commissioner's office and the person concerned in the event of a data breach within 72 hours, conduct a root and branch audit of your data processing and introduce Privacy Impact Assessments where appropriate, along with actions to facilitate the 'right to be forgotten'.
All this will require considerable advanced preparation with the price of non-compliance, anything up to 2-4% of global turnover in fines, depending on how severe the data breach is and what efforts you made to comply with the law in the first place.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.