In May 20818 a new piece of legislation became law. This was widely known as GDPR which stands for General Data Protection Regulations. These Regulations built on existing Data Protection law by ensuring that people would be made aware of the data that organisations held about them and were able to challenge and change that data. This meant that organisations, both large and small had to identify what personal data they held and had to inform people what data they held about them and for what purpose that data was being held. Organisations also had to let people know how they could challenge and change that information and the reason for holding it including having that data deleted.