Hospitality Today Summer 2017 (#38) - Page 9 | 9 consider whether you are required to formally designate a Data Protection Officer (DPO) who will be responsible for overseeing the company’s data protection strategy and to ensure that this is implemented in compliance with GDPR requirements. A hotel group or restaurant chain, for example, could appoint a single DPO to undertake this role; ensure that there are procedures in place to detect, investigate and report on personal data breaches; and invest in secure systems to prevent data breaches, such as regularly updating anti-virus software, encrypting customers’ cardholder details and other sensitive data, access controls and other systems designed for maximum data protection against cyber criminals.