Protecting personal data is at the heart of the General Data Protection Regulation (GDPR) but there remains confusion between gaining permissions to hold and process this data, and protecting it from theft or compromise. Guy Lloyd at Policy Monitor explains how understanding and protecting personal data is core to GDPR compliance.Almost 2 years on from the introduction of the EU General Data Protection Regulation (GDPR) many business owners still lack knowledge about the consequences of not adequately protecting personal data. GDPR isn’t an optional requirement, it is enshrined in UK law in the Data Protection Act 2018. This lack of understanding of the legal necessity to protect personal data is proving costly to business . Since the introduction of GDPR, EU data protection authorities have fined organisations a total of €114 million.