The new Regulation introduces widespread changes to current law and greatly increases financial sanctions for non-compliance (up to 4% of annual worldwide turnover for groups of companies).

The Regulation, enforced from 25th May 2018, requires organisations to implement all the necessary changes to systems and operations to meet the compliance rules. With a greater emphasis on accountability for the processing and protection of data and how organisations demonstrate their compliance, the GDPR should not solely be viewed as an information security issue but a fundamental business and governance challenge.