The General Data Protection Regulation (GDPR) will apply from 25 May 2018, when it supersedes the UK Data Protection Act 1998 (DPA). GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens. GDPR expects organizations to stay in control of their data to ensure that it is accessed and processed by authorized users only.