With the deadline for General Data Protection Regulation (GDPR) compliance quickly approaching, many organisations are beginning to panic over how their industry sector is going to be affected by the new regulations. This is for good reason: failure to comply could set your organisation back a massive £15.3 MILLION fine or 4% of annual turnover (whichever is greater), so you need to be ready. The 25th of May is your deadline for compliance.
With that said, the GDPR isn't something to worry about once you have adequate training on the subject.
GDPR in the Hospitality Sector
What is the Hospitality Sector?
To understand how the hospitality sector should comply with the GDPR, you must understand what the industry sector covers. The hospitality sector is a much broader sector than most others. The word “hospitality” actually refers to the relationship between a guest and a host.
This means that the hospitality sector covers businesses like restaurants, bars, hotels, and leisure centres.
Check out some of the training courses we offer for people working in the hospitality sector!
Complying with the GDPR
So now that we’re clear on what the hospitality sector consists of, what do you need to know about the GDPR to make sure that you and your organisation are compliant with the new regulations?
Well, according to Verizon's 2016 Data Breach Investigations Report 1, the hotel industry accounts for one of the highest numbers of breaches of any sector and has the highest volume of lost cards following a breach. As unacceptable as this is, it comes as no surprise, because the information hotels process is considered some of the most valuable to fraudsters and other criminals.
The industry is considered vulnerable to data threats because hotels process, and in many cases store long term, a very high volume of guests' personal information and payment card transactions every day. Hotels receive this information from a variety of sources, such as third-party booking systems, point-of-sale systems, concessions, their own website, emails, faxes, phone calls and walk-ins, meaning there are several channels through which data could be taken.
Here are some pointers to help you comply with the GDPR:
- You must outline guidelines for collecting and managing PII (Personally Identifiable Information);
- You must establish a code of conduct for your workplace and its staff;
- You must define your organisation's core principles regarding guest data as it relates to the GDPR, and recognise that the data belongs to the guest, not to your organisation; and
- You must define self-regulatory audit questions.
Here at iHasco, we've recently released a GDPR Essentials Training course AND are soon to release a GDPR Training for Management course to help you understand how you, as an individual, can remain compliant with the upcoming General Data Protection Regulation.
It is vital for every organisation that handles personal information to educate their staff on the details of these regulations. Completing our 35-minute course could be the difference between you losing 4% of your annual turnover or not. Is it really worth the risk?