hospitalitytoday.com | 7
The new ‘GDPR’ Data Protection
rules: How can hospitality
businesses prepare?
By Medina Forson (left),
Solicitor in the Intellectual Property &
Commercial Team at Wedlake Bell LLP
What is the GDPR?
Ian Cass, (left), Chief Executive of the
Forum, said “Many people will welcome
tighter controls on who owns their personal
data an how it is used, and as such the
intent of the GDPR legislation is fine, but it
appears that no one in power has thought
about the small and micro businesses
that make up 98% of the UK’s 5.2 million
businesses, account for more than half
of the country’s employment and are the
economic engine of the high street.
“There is the potential for this legislation to
impact the way many of these businesses
operate and market themselves, and even
force them to close down. Matt Hancock’s
comment in his press statement that
“businesses will be protected” gives no
comfort whatsoever whilst there is so much
uncertainty about what will be allowed,
and what actions will be heavily fined.
The Forum is calling on the Government
today urgently to establish a dedicated
working group, on which the Forum would
be pleased to play its part, to ensure that
all MPs are fully briefed on the potential
impact on their constituency businesses
before they are required to vote.”
The General Data Protection Regulation
(GDPR) is the biggest change in European
data protection law in 20 years. It
is a European regulation, intended
to strengthen and harmonise data
protection laws across the European
Union (EU) and to protect and give control
back to EU citizens over their personal
data. The GDPR was adopted in April
2016 and is set to replace the existing
Data Protection Directive, which was
implemented into the United Kingdom
(UK) by the Data Protection Act 1998.
The new law will come into force on
25th May 2018.
What impact will GDPR have
on the hospitality sector?
The GDPR applies to processing carried
out by businesses operating within the
EU. It also applies to businesses outside
the EU that offer goods or services to
EU citizens. For example, it is likely to
apply to a hotel chain outside the EU
that directs marketing material to data
subjects residing in the EU.
The hospitality sector is particularly
vulnerable to data security breaches,
because businesses typically store large
volumes of customer information on
multiple platforms. For example, hotel
businesses commonly hold data about
customers including personal contact
and address details, credit card details,
passport information, airline miles
account information, medical information
taken for hotel spa bookings and more.