In the UK, GDPR replaces the Data Protection Act 1998, which was brought into law as a way to implement the 1995 EU Data Protection Directive. GDPR seeks to give people more control over how organisations use their data, and introduced hefty penalties for organisations that faily to comply with the rules, and for those that suffer data breaches. It also ensures data protection law is almost identical across the EU.