The General Data Protection Regulation (GDPR) will come into legal force in May 2018 and must become a focus of your operation if it isn’t already.
In broad terms, a lot of what this regulation does is bring together, clarify and extend already existing data privacy laws and directives. Currently there are many different regulations and bodies throughout EU member states. Bringing all of them together relieves the need for individual country legislation, as well as creating a common standard. UK data laws are not superseded by GDPR, so where a local directive or regulation has a higher level of control it is still valid and cannot be ignored.
There are some new additions to previous laws, the biggest of which is the inclusion and real demand for accountability from data processors. The heart of GDPR is to protect each one of us and the data held about us by any individual, any company and any government. Who can argue with the sensibility of that? It is not purely about restriction, but more about balancing the interests of business with the freedoms of individuals.