In May next year any organisation holding ‘personal data’ will be subject to sweeping rule changes in the EU’s new General Data Protection Regulation – more commonly known as GDPR.
As businesses which hold a lot of potentially sensitive customer information, hotels need to sit up and pay attention.
Being in breach of the new rules could lead to crippling penalties, with administrative fines of up to four per cent of annual turnover or €20 million, whichever is greater, so it is vital that hotel businesses ensure they understand their new obligations.
Here is our summary of the forthcoming changes hoteliers need to be aware of:
1) The definition of personal data will be widened to include information that could be used to identify someone, whether economic, cultural, social or otherwise.
2) The rules of consent are changing so that companies must receive clear and active permission before they collect and process someone’s data.
3) Parental consent must be given for data relating to anyone under the age of 16.
4) A data protection officer must be appointed by certain companies that regularly collect and process large quantities of personal data or handle certain types of sensitive data.
5) Data protection impact assessments are becoming mandatory.
6) Stricter laws around data breach notifications will be introduced.
7) People have the ‘right to be forgotten’ – or ask for their data to be wiped.
8) If a business is not in the EU but does business there and holds EU inhabitants’ data, it will still have to comply with the restrictions.
9) Data processors carry responsibilities over data protection so are liable for breaches.
10) New restrictions are being applied to international data transfers.
11) Systems and processes must take into account data protection needs at their inception.
12) GDPR is a one-stop shop – a single supervisory authority for all 28 EU member states.
With these changes looming, it is vital that all hotels ensure they are working with a responsible and reputable property management system, like Hotel Executive, which will provide the tools to help hotels ensure they achieve GDPR compliance.
At Avon Data we’re working hard to ensure all our systems, which collect and process guest data for hotels, will be GDPR compliant well ahead of the changes next May.
We’ll be providing more detail soon on what we’ll be putting in place.