The General Data Protection Regulation (GDPR) is a new, Europe-wide law that replaces the Data Protection Act 1998 in the UK. It is part of the wider package of reform to the data protection landscape. The GDPR sets out requirements for how organisations will need to handle personal data from 25 May 2018.