The General Data Protection Regulation (GDPR) is coming and will impact your business, whether you operate in the UK or the European Union (EU). As of May 25, 2018, the current data protection law will be updated and replaced with the GDPR. The new regulation will not only detail existing data protection laws but will also contain laws regarding newly enhanced technology and the obligations and responsibilities that organizations will have when it comes to managing the data they hold on EU citizens.

Across Britain, MPs and government authorities are urging companies to prepare for the upcoming regulation to avoid facing fines of €20 million or 4% of a company's annual global turnover, whichever is higher. It is therefore crucial that companies understand and are fully aware of the facts surrounding the GDPR. An accommodation provider collects large amounts of data about its tenants, which can be passed on to building contractors or resident organisations, so it needs to raise awareness of the changes and of how they affect the organisation's employees. Let's take a look at these changes:

How "personal data" is defined

The definition of "personal data" will be expanded to include any information that can be used to identify an individual, such as business contact data and genetic information, as well as mental, cultural, economic and social information. Under the new legislation the burden of protecting personal data falls on those who “own” the personal data, in other words the data controllers. This means that accommodation providers will be held liable for any breach of the privacy of customers' personal data that occurs along the supply chain. This must be kept in mind in merger processes, as well as in relationships with suppliers.
Once you understand how your vendors will handle personal data, you need to have appropriate record-keeping processes and procedures in place.

Appointment of a Data Protection Officer

If your company allows large-scale data processing, whether this is carried out by public bodies or other entities, you will need to appoint a Data Protection Officer (DPO). It doesn't matter how big your organization is; what matters is how much data you process regularly. This means that SMEs and small businesses may need to employ someone to ensure that personal data storage, systems and processes are GDPR compliant and can also be highlighted in the event of a data breach. Your DPO will be the main point of contact for staff questions about how to comply.

Anyone who handles an individual's data in any way, whether managing customer accounts or collecting customer emails for marketing purposes, needs to be aware of what GDPR is and what it does. Everyone involved in these activities should undergo at least one basic overview training session, while staff members directly responsible for data security will require more in-depth training.

Privacy Impact Assessments

As the risk of a data breach has increased, Privacy Impact Assessments (PIAs) will be introduced to businesses to facilitate taking steps to mitigate the knock-on risk to individuals. Projects within a company that involve personal data must be subjected to a PIA.