hospitalitytoday.com | 9
consider whether you are required
to formally designate a Data
Protection Officer (DPO) who will
be responsible for overseeing
the company’s data protection
strategy and to ensure that this is
implemented in compliance with
GDPR requirements. A hotel group
or restaurant chain, for example,
could appoint a single DPO to
undertake this role;
ensure that there are procedures
in place to detect, investigate and
report on personal data breaches;
and
invest in secure systems to prevent
data breaches, such as regularly
updating anti-virus software,
encrypting customers’ cardholder
details and other sensitive data,
access controls and other systems
designed for maximum data
protection against cyber criminals.