There is everywhere. As I understand it GDPR actually changes relatively little, though it adds a few rights and paper-trail requirements. What it does seem to have done, though, is highlighted a vast swathe of non-compliance with the existing Act throughout most areas of business.
One thing that probably focuses the mind is the increase of a maximum penalty for a data breach from £500,000 (under the Data Protection Act) to £17,000,000 or 4% Global Annual Revenue (whichever is greater).