In the UK, the Data Protection Act of 1998 has been the sole regulatory legislation that companies based here have had to comply with. An Act of Parliament, it was introduced to protect the personal data of British citizens by outlining exactly what businesses must do when processing their information.
On the 25th May 2018, the Data Protection Act will be replaced by the EU General Data Protection Regulation (GDPR). This is a Europe-wide set of compliance obligations: rules that will again stipulate what must happen when an organisation handles and processes data. It is widely agreed that the GDPR is a far more robust set of regulations than what is currently in place, with the main changes in the areas of child consent, privacy by design and data breach notifications.