This piece of crap (from Europe, where else!) comes in on the 25th of this month. I'd never heard of it until a mate mentioned it. The "point" seems to be to protect the privacy of people who give any information to a business. The business must only use that info for the exact purpose it was intended. It seems to be an extension of the Data Protection Act, but I'm not sure. I'm a sole trader, and this is a google result. https://rapidbi.com/gdpr-checklist-for-sole-traders-and-micro-businesses/ Are there any other sole traders on here who know more about this than me ... which wouldn't be difficult!