Why does this matter?
Whilst this might not seem like a big deal, these changes in the legislation that govern how businesses look after that data mean that the implications of getting it wrong are serious: you could be fined up to 4% of your turnover which could be disastrous.
In addition, individuals affected by a breach of the GDPR will be able to claim damages for hurt as well as material damages. So in effect, if someone lost £1,000 due to fraud caused by your breach of the GDPR you could be fined by the ICO; made to repay the fraudulent amount (the material damage in this example) and then have a civil case taken out against you for additional damages.
All of this could be very costly but thankfully relatively easily avoided. The ICO has published guidance to help you prepare for the new legislation. And there is still time!