The General Data Protection Regulation (“GDPR”) is the new legal framework that will come into effect on the 25th May 2018 in the European Union. EU Regulations have direct effect in all EU Member States, meaning the GDPR will take precedence over any national laws. The GDPR’s focus is the protection of personal data, i.e. data about individuals. In fact, GDPR is one of the biggest shake-ups even seen affecting how data relating to an individual should be handled – and potentially it affects not just companies but any individual, corporation, public authority, agency or other body that processes the personal data of individuals who are based in the EU. This includes suppliers and other third-parties a company might utilise to process personal data. It has a surprisingly extensive scope, including all Member States of the European Union along with the UK post-Brexit in 2019, as the GDPR will be also incorporated into UK law.