The GDPR applies to all organisations based in the EU and any organisation which processes personal data of an EU citizen. The GDPR sets out the standards to be reached by those who decide how to use personal data, and those which do processing on their behalf. And it gives individuals rights in relation to their data which are broader than rights that have existed in the past. Organisations, wherever they are located, should take care to comply with the GDPR – not only does it set out best practice about how to manage individuals’ information, but significant fines and adverse publicity for non-compliance will likely ensure that most organisations will want to be compliant.