It is the regulator. The Information Commissioner's Office is the independent authority set up to uphold information rights in the UK, to promote openness by public bodies and data privacy for individuals. It is here to provide guidance for compliance and take action in the case of a breach.
While there are a lot of voices online shouting about the alleged difficulty that businesses will face, there is one source of really helpful material, explanations and interpretation: the ICO's website. Particularly useful is the new series of blog posts it has launched, which aims to bust myths about GDPR and help us sort fact from fiction.
It is true that disregarding GDPR may lead to fines, and preparing for the new regulatory regime will take some time and effort. However, the overarching objective is to make our data processing more secure and transparent, which is something that all of us will ultimately benefit from.
The ICO is the watchdog of GDPR in the UK, but it is also the most knowledgeable, reliable and helpful source of information, and it does seem like its greatest interest is to support organizations in building best practice rather than to penalize trivial matters.
I would strongly encourage everybody to acquaint themselves with the wealth of resources on the ICO website to support themselves on the GDPR journey. Nobody understands it better than them and you can find answers to a lot of your questions there. So start exploring!
“GDPR will stop dentists ringing patients to remind them about appointments” or “cleaners and gardeners will face massive fines that will put them out of business” or “all breaches must be reported under GDPR”. I’ve even read that big fines will help fund our work. For the record, these are all wrong.