The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA).
The GDPR primarily aims to give control to citizens and residents over their personal data and to simplify the regulatory environment for business by unifying the regulation within the EU.
The SBU, irrespective of its legal form/persona, must conform, by virtue of being an organisation engaged in economic activity.
The GDPR has been incorporated into UK law in the form of the Data Protection Law 2018 and continues as is despite the UK's departure from the EU.
It has also been updated to reflect the fact we are now an SCIO - Scottish Charitable Incorporated Organisation.