The General Data Protection Regulation (GDPR) is a new piece of legislation designed to strengthen and unify data protection for all individuals. The idea of GDPR is to give back to individuals control of their personal data and it becomes enforceable from 25th may 2018.
It will affect any processing personal data. Examples of what is personal data and what processing means are detailed below.
‘Personal data' means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
‘Processing' means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
If you break this down into its basic form if you are involved in a company that keeps even the basic information about another person then GDPR will apply to you.