How has GDPR impacted on the Hospitality Industry?

Jun 04, 2018 editor

GDPR is now in place across the UK as data remains big business for cyber-criminals.

The hospitality industry is one of the biggest targets for data breaches according to Verizon's 2016 Data Breach Investigation Report. Hospitality venues all over the world who process EU residents' personal information have been impacted on. There is a wealth of information in booking and payment transactions processed in high volumes, often through third party websites, online databases and on the phone.

The new GDPR, which came into force across the UK on 25th May 2018, has redefined the onus on the industry to ensure data is kept safe. Failure to do so could result in a business receiving crippling fines.

Data breaches should therefore be guarded against, through proper management of information in line with GDPR governance. This is to protect the rights and freedoms of individuals against discrimination, damage to reputation, financial loss and loss of confidentiality. According to the Information Commissioner’s Office, ICO, "You should make sure you have the right procedures in place to detect, report and investigate a personal data breach. Some organisations are already required to notify the ICO (and possibly some other bodies) when they suffer a personal data breach. The GDPR introduces a duty on all organisations to report certain types of data breach to the ICO, and in some cases, to individuals".

Organisations may wish to assess the types of personal data they keep. Larger organisations will need to develop policies and procedures for managing data breaches. Failure to report a breach when required to do so could result in a fine, as well as a fine for the breach itself. GDPR representatives will need to notify ICO within 72 hours of a breach, otherwise fines for up to 4% of global business turnover could be imposed.

Advice therefore would be to ensure you have transparency of process, with clearly worded policies for anyone using your website or facilities. Cyber liability insurance may be a good back up, thereby removing the sting in the tail.

Further information can be found at .GOV