The new General Data Protection Regulation (GDPR) comes into force in May 2018 and applies to any organisation holding personal data. Particular care must be applied to situations where ‘sensitive personal data’ is held and the implications on organisations that do so are considerable, especially in the case of a data breach.
…
