On 25 May 2018, the General Data Protection Regulation (GDPR) came into effect, representing an evolution in the UK’s data protection laws. This took place against a backdrop of huge public interest in privacy, following controversial stories in the media about how organisations are using personal data in ways that many would not expect or know about. It would be vital to present the regulations as a force for good in tackling these issues, and not as red tape.