ADVICE | FIVE WAYS TO STAY ON TOP OF GDPR
FIVE WAYS HOTELIERS
CAN STAY ON TOP OF GDPR
Handling data with care has become increasingly important in hospitality in recent years, amid
growing cybersecurity risks and as review and comparison websites play a larger role in the
industry, but the incoming General Data Protection Regulation (GDPR) will raise the importance
of personal data up a notch. By SARAH WILLIAMSON
M
Guests may want to exert their ‘right
uch guidance on GDPR remains to department’s attention, but everyone be provided from the Information within the business needs to know how to be forgotten’, or want to see what
Commissioner’s Office (ICO), but they should be handling information and information is held about them. To minimise
data access requests when they come. any resulting disruption, you need to know
the government’s recently published Data
Protection Bill outlined that the GDPR is set
One example to follow here is the
immediately where this data is held, and
to remain post Brexit, while also underlining approach taken by Auto Trader, the UK have processes in place to quickly access,
the government’s commitment to ensuring and Ireland’s largest digital automotive amend and remove it as necessary.
that the UK’s data protection laws are ‘fit marketplace, which has already planned a for the digital age’.
Hotels need to be ready to respond
number of training and education activities quickly to enquiries and formal requests in a
GDPR not only gives new data rights and is bringing in a third-party auditor to stable way that also builds trust. Conversely,
to individuals, it also creates new roles and assess readiness for next May’s deadline. hotel owners need to ensure that distrust
doesn’t lead to a haemorrhaging of usable
responsibilities for any party that handles
their data. The regulation fundamentally LOOK FOR GAPS IN COMPLIANCE alters the way businesses must approach Companies unsure of their preparations the collection, storage and manipulation of for GDPR can undertake a gap and risk also become increasingly important in
data, while requiring that data privacy be analysis service as a useful first step. maintaining long-term relationships with
embedded into processes and systems. Audits can be crucial in helping an consumers and securing repeat business.
Organisations processing personal data
data from your business.
Because of this, data privacy will
organisation to identify the biggest threat
will face major new compliance demands, to the organisation in terms of financial risk IMPROVING DATA TRANSPARENCY
and this will have major implications for and reputational risk. Transparency is a key principle to always
Typically, these audits can evaluate have at the forefront. Businesses need to
across the EU and beyond. The perils current data protection procedures and be detailed and robust in keeping records
are clear and well-publicised – business compliance, and assess this against the of their data processing activities.
could potentially face fines of up to 4% of requirements under GDPR in order to annual global turnover or 20 million euros, identify gaps.
hotels, and hospitality sector suppliers,
Media giant Sky has made changes
such as tagging data by putting more
time and date stamps on things, and
whichever is the greater.
GET READY FOR DATA REQUESTS attaching what are called ‘trackers and
on the negatives and pitfalls - businesses Consumer rights groups are already gatekeepers’ on certain activities. This
that use this law as a catalyst to change planning to actively campaign to let way it keeps better track of the data
the way they store, handle and utilise data, the public know of their new rights and being input and used. This is just one
will foster a better relationship with guests. companies’ responsibilities, so it is not only example of how reporting and recording
awareness being raised within a business need to become more focused in
that needs to be dealt with. readiness for GDPR.
But it is important not to focus purely
ENSURE ALL DEPARTMENTS ARE
AWARE OF GDPR
The ICO is also expected to launch a
Businesses must ask questions such as
The GDPR is about putting consumers major PR offensive in early 2018 alerting what data do we hold? What do we do with
first and giving them back control of their consumers to their new rights as ‘data it? Where does it go? Who does it relate to?
own data. The focus on fines may have subjects’, suggesting that a large number Do people know what to do if the data your
brought GDPR to the board and marketing of data subject requests is possible. organisation holds is at risk?
38
www.hotelowner.co.uk
October 2017