Gearing up for the new EU General Data Protection Regulation
by Geoff Milton, Security Strategist, ShieldQ
The hospitality industry is staggering under the mounting volume of customer data that must be stored and processed, from names and email addresses used for marketing purposes, to credit card, passport details and home address data that customers provide when making reservations. Managing and protecting this Personally Identifiable Information (PII) and payment card data in a secure and compliant way is enormously challenging.
New regulatory standards on securing digital data will soon complicate matters further. In a little over a year, the EU’s General Data Protection Regulation (GDPR) will come into force. It’s the biggest shakeup to data protection regulations in many years. Its aim: to cut red tape, strengthen existing rules and remove the patchwork of individual data laws across the EU member states.
Hefty penalties
For the hospitality trade, GDPR looks set to be a game-changer. From May 2018, it will mean new and significant obligations for hoteliers and restaurateurs, and there will be hefty penalties for data breaches. It will be mandatory to notify GDPR representatives of any security breaches within 72 hours and, for the most serious breaches, fines of up to 4% of an organisation’s global turnover could be imposed.
It is also important to note that these regulations are not confined to the EU. They will impact organisations worldwide; if you handle data on EU citizens, you will need to be GDPR-compliant.