The GDPR applies to data 'controllers' and 'processors' operating within the EU and was due to become effective in May 2018. The GDPR was due to supersede the requirements of Data Protection Act. Following the UK referendum to leave the EU the Government will need to consider the impact GDPR and whether it will apply within the UK.
The GDPR definitions are broadly the same as the principles of the Data Protection Act (DPA) but the GDPR places specific legal obligations on data processors, for example records of data and processing activities must be maintained. Processors will have significantly more liability if responsible for a breach.
However, if you are a controller the GDPR places further obligations where a processor is involved - the GDPR places further obligations on you to ensure your contracts with processors comply with the GDPR. For more information see here.