GDPR, the new General Data Protection Regulation, came into effect on 25 May 2018. Although GDPR originated with the European Union, it is not affected by Brexit. GDPR builds on existing data protection law to strengthen the protection of individuals' personal data. If your business collects or uses personal data, you must comply with GDPR. You'll need to review any existing data protection systems, policies and procedures to take account of the changes from the old Data Protection Act.