It all happens on the 25th May 2018, Privacy's 'D-Day'. Businesses have had since 2016 to get GDPR compliant however many have not. The GDPR isn't a choice but a legal requirement that you have to adopt by this date if you have any business or customers in the UK or EU.
Where the 1998 Data Protaction Act was suitable for the 'dial-up' 20th century, the GDPR is here for the 21st century handing the power of 'willingly relinquished' consumer data back to the consumer.
Unfortunately, as PPI claims die out, these legal firms will flood the TV and Social Media with Ads about GDPR Claims and specifically data mismanagement. GDPRClaims.co.uk and GDPR.claims have already been secured. If the company can't provide evidence the company is financially liable up to 4% of revenue - the absence of evidence in GDPR is enough for liability to be established. Great business for claims guys right?
So, regardless of your size, whether you're in the UK or EU, or if you're in the USA, if you have customer data and they're in the UK or EU then GDPR law applies.Contact
If you don't have consent then you have to get it. Simple.
The data collection and processing you may do must be done with the consent of the people that the data is about.
The information you provide is confidential and will never be provided to 3rd parties, or used for marketing purposes, without your explicit consent to do so.