'Ah...but aren't we leaving the EU?' You may ask...Okay the UK is in the process of uncoupling from the EU, however the Great Repeal Act means it is very likely to be converted into British law beyond the leave date, so this does not look like an easy get out and because of the ease with which many SMEs collect data and cyber criminals seize that data, the DPA, drawn up in very different times, means the current legislation has been long overdue for an overhaul.
One of the biggest changes and challenges SMEs will face will be concerns over consent. Under the new regulations, companies must keep a thorough record of how and when an individual gives consent to store and ultimately use their personal data. This is one of many new conditions, by all accounts this is going to be very demanding legislation and potentially very costly if a fine is imposed for a data breach or misuse.
Of course there is far more to this subject than can be placed here. BT have produced a handy guide which you may want to download called 'Dealing with new EU data-protection regulation'.