General Data Protection Regulation (GDPR) is a data protection regulation that was introduced on 25th May 2018 and replaced the two-decade-old data protection rules in Europe. The main aim of this regulation is to provide greater protection and rights to individuals. However, countries within Europe were given the flexibility to make some changes according to their needs, and the UK has created the Data Protection Act (2018), replacing the 1998 Data Protection Act. GDPR is applicable to all citizens and businesses in the EU, and also to businesses that are based outside the EU but do business in the EU region. The key principles of GDPR are lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality (security); and accountability. Of these principles, the UK Data Protection Act (1998) includes every principle except accountability.

Key changes in the new GDPR include the following. First of all, organizations should collect from individuals only the data they need and nothing more. Secondly, personal data must be protected with high integrity and confidentiality. Data should be protected by appropriate information security protection so that it is not accidentally leaked or breached. Besides, an individual can now find out, for a minimum charge, what information about him/her is known by any organization. Nobody can find out anybody else's information. Moreover, GDPR also has the power to impose penalties, fines and other punishment if an individual's data has not been processed in the right way, or for any breach or violation of the GDPR regulations.