Hotel Owner April 2018 | Page 22

ADVICE | PREPARING FOR GDPR

Are you ready for GDPR?

New EU rules on how you can use your customers’ personal data - General Data Protection Regulation - are coming into effect next month. If you’re not already up to speed, we did a whip-round the experts for some last-minute advice on how to fall into line

ROYTHORNES SOLICITORS
By Julia Seary, company commercial partner, Roythornes Solicitors

How ready are you for GDPR?

General Data Protection Regulation, or GDPR for short, is the topic on everyone’s mind at the moment but what does it actually mean and how ready are businesses? A recent survey revealed that only 7% felt very prepared for the GDPR regulations. Instead the majority felt somewhat ready (50%) with 25% feeling not very or not at all prepared and 4% having no awareness of GDPR at all.

Each business and industry have different ‘pain points’ with the new regulation but a good place to start is with an action plan such as this:

1. Nominate a GDPR lead or Data Processing Officer (DPO) to front the initiative
2. Carry out a data mapping review to understand what data you hold and where it has come from
3. Update your customer facing privacy notices
4. Review and update all relevant data-related policies and procedures
5. Clarify and document the legal basis that you are relying on for processing data
6. Remove any opt-out pre-ticked consent boxes and replace with opt-in boxes
7. Check your marketing lists comply with the new regulation
8. Understand how and when to respond to Data Subject Access Requests (DSARs)
9. Check your IT systems can properly support compliance
10. Review all third-party supplier arrangements with regard to the new regulatory requirements
11. Review any international data flow if relevant to your company
12. Ensure staff are adequately briefed and carry out ongoing audits

The key take home message is that you must have a lawful basis to process individuals’ data. Whether it be in regard to marketing bulletins, IT security, customer relationships, employee data storage or data transfer, the core principles of data protection remain but with tighter controls.

There are many old and new rules coming into force but the crucial aspects to bear in mind for any industry include the tighter scope of explicit consent (do you have it and, if not, how do you legally get it), increased transparency (the new ‘right to be forgotten’ and ‘right to be informed’ rules) and the need to demonstrate compliance if the Information Commissioner’s Office (ICO) suspect any misconduct.

ARMADILLO CRM
Nicholas Blake is the head of data and digital operations at Armadillo CRM, which specialises in customer relationship marketing

Despite GDPR changing the methods of capturing and managing customer data for good, the regulations don’t need to herald the end of useful data. There are still ways in which businesses can continue to gather useful data and, crucially, help gain customer trust at the same time. Here are the three essential areas to address.

1. Justify the data you are collecting

Once GDPR is in force you can only collect data for specific, explicit and legitimate purposes. Every company should be able to answer the question: “Why are we collecting this data, and is it justified?”

Transactional data is easier to answer – retailers have a legitimate reason to