The General Data Protection Regulation (GDPR) of European Union shall apply from 25th of May 2018.
The GDPR requires actions from all organizations. You need to map and document all kind of processing of personal data and consider also the security while processing. Processing of personal data is usually done with computers but the regulation shall apply also to manual processing and paper documents, that contain personal data.
According to GDPR, you always have to be able to show authorities how the GDPR is handled in your organization. Whenever there might be a data breach, you have to inform the authorities without delay.
Supervisory authority may impose fines and penalties if infringements of the regulation occurs.
General Data Protection Regulation of EU
GDPR sets rights for EU citizens for their personal data and sets requirements for organizations that process that data.