The General Data Protection Regulation supersedes Directive 95/46/EC of the European Commission and comes into force on the 25th May 2018, after a two-year implementation period. In the U.K. the GDPR also supersedes the UK Data Protection Act of 1998. It targets the protection of individuals with regard to the processing of personal data and on the free movement of such data. Unlike the previous Directive, the GDPR is a Regulation that must be complied with and has extremely heavy fines for infringement (a maximum of €20 million or 4% of global turnover). As such, all organizations should be seeking compliance before the deadline is reached next May.