The much-anticipated day has arrived, and the General Data Protection Regulation (GDPR) is finally in force, replacing the Data Protection Act 1998. The way organisations can collect, use and store personal data has radically changed. In the fourth part of an NLJ series this week, David White, senior solicitor, and Tom Morrison, partner, Rollits LLP, look at the many changes and challenges that still lie ahead. For, as White and Morrison say, ‘the potential consequences for getting it wrong have been amplified significantly’. See Parts 1, 2 and 3.