The EU General Data Protection Regulation (GDPR) delivers a fundamental change in how data controllers and data processors handle personal data. Instead of being an afterthought within business operations, protections for personal data will now have to be designed into the very fabric of data processing systems, meaning that businesses will need to re-examine how they approach the use of technology in their organisations.