On May 25th 2018 GDPR becomes law. Any company or organisation who holds personal data i.e. name, address, email, phone number will have to show that they have taken reasonable steps to prevent that data being lost, stolen or used inappropriately. The penalties for failing in this are severe (and costly).
Visit the ICO’s website for more info.
The more we know, the more information we shall pass on.