The GDPR - full name, the General Data Protection Regulation - will come into effect in the UK on 25 May 2018.
This piece of European Legislation will have a major effect not just on organisations of every description but on the people who deal with them - everyone, in other words. While the brunt of the burden falls on organisations, all those who deal with them will need to understand how the GDPR works, and in particular how it limits the way in which personal data can be handled.
"Personal data", according to the artricle 4.1 of the GDPR, means "‘any information relating to an identified or identifiable natural person...." (The full definition is longer. It is not limited to information which is, sensitive, confidential or valuable!)
Many websites carry the text of the GDPR: see for example https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32016R0679
We are in the process of updating our business documentation and website to comply with the GDPR, so that all those who deal with us are aware of what personal data we will and will not accept. Ansvar/Ecclesiastical have performed the same exercise and this is reflected in changes to our insurance documentation.