All organisations are required to comply with the General Data Protection Regulations. GDPR is a European regulation that came into force on 25th May 2018. All European countries are subject to it. It is unlikely to change when the UK is no longer pat of the European union.
The regulations are designed to protect individuals’ privacy and control the way people’s data can be used by emphasising the data holder’s accountability. Children’s data now has the same level of protection as adults.
All Organisations are required to take responsibility for protecting people’s information and can be held responsible for breaches and non-conformances. Non-compliance can result in fines of up to £17.5 m, or 4 % of a company’s global annual turnover, whichever is greater.
Free courses are available to help you understand the GDPR regulations so that you can work out how to apply them in your organisation. https://digital.lorators.com/courses1/free-elearning-courses/