The General Data Protection Regulation, also known as GDPR is the core of Europe’s digital privacy legislation and came into force on May 25th 2018. This new EU framework applies to organisations in all member-states and includes data held on customers, potential customers, suppliers, employees and any other EU residents. It has consequences for both businesses and individuals across Europe. Despite Brexit, UK is still bound by the regulation. Fundamentally, the GDPR regulations are designed to give EU citizens more control over how their personal data is used and managed. Be it data captured from prospective clients or data from the CV’s received daily, these are all sensitive personal data being handled. Individuals even have the right to request you for all the data that you hold on them for free, and even ask you to delete all the information held on them. The consequences of disregarding the new regulations could lead to the organisation being fined up to 4% of their Annual Global turnover or €20m. Therefore, organisations must ensure that all personal data is gathered legally and under strict conditions, and those who collect and manage it are under obligation to protect it from misuse and exploitation.