The new GDPR or General Data Protection Regulation which came into effect on the 25th of May 2018 is a new EU legislation applying to all UK businesses and to all businesses holding personal data on customers based out of the EU. The new law aims to give the public more information over how data is collected on them and used, plus the ability to request to remove your data. Lack of enforcement could result in massive fines - up to 4% or EU 20m of turnover if not followed.
This is just not just about compliance or implementing a new framework, but putting in place ethical practices over the use of customer data. Building this into the organisation is ethical and good for business.
For the Consumer.
As a consumer, you may have already started receiving emails from various organisations relating to subscriptions and personal data. Organisations which previously retained your data are now required to ask you to "Opt In" for them to continue using your data. This is also good opportunity to reconsider which subscriptions you wish to continue receiving as well as be more aware on what the privacy policies are for that organisation.
Tons of information available, but here are sites that give it to you straight and simple without overwhelming you.