Gearing up for hospitalitytoday . com | 17 the new EU General Data Protection Regulation
by Geoff Milton , Security Strategist , ShieldQ
The hospitality industry is staggering under the mounting volume of customer data that must be stored and processed , from names and email addresses used for marketing purposes , to credit card , passport details and home address data that customers provide when making reservations . Managing and protecting this Personally Identifiable Information ( PII ) and payment card data in a secure and compliant way is enormously challenging .
New regulatory standards on securing digital data will soon complicate matters further . In a little over a year , the EU ’ s General Data Protection Regulation ( GDPR ) will come into force . It ’ s the biggest shakeup to data protection regulations in many years . Its aim : to cut red tape , strengthen existing rules and remove the patchwork of individual data laws across the EU member states .
Hefty penalties
For the hospitality trade , GDPR looks set to be a game-changer . From May 2018 , it will mean new and significant obligations for hoteliers and restaurateurs , and there will be hefty penalties for data breaches . It will be mandatory to notify GDPR representatives of any security breaches within 72 hours and , for the most serious breaches , fines of up to 4 % of an organisation ’ s global turnover could be imposed .
It is also important to note that these regulations are not confined to the EU . It will impact organisations worldwide ; if you handle data on EU citizens , you will need to be GDPR-compliant .