What hoteliers need to know as GDPR deadline looms
What hoteliers need to know as GDPR deadline looms
21 MAY 2018 7:56 AM

The deadline to be GDPR compliant is 25 May. Are you ready? Hotel News Now recaps its coverage of the EU’s new data privacy rules and what it means for hotel companies.

GLOBAL REPORT—With a compliance deadline looming this week, businesses might be scrambling to meet new rules for consumer data privacy set by the European Union, and make their new policies publicly known.

The EU’s General Data Protection Regulation, which goes into effect 25 May, requires companies to obtain consent before storing, processing or using personal data from EU citizens, and to allow those citizens to purge that data from companies’ databases at any time.

As Hotel News Now’s Sean McCracken reported in December, the new rules don’t apply only to European companies, but also to those that “offer goods and services to EU residents” or “monitor the behavior of EU data subjects.” That, of course, includes hotel companies.

Global companies from Airbnb to Google and even social media titans like Instagram and Etsy have been flooding email inboxes lately with messages announcing policy changes, CNN reports.

Here’s a recap of what else you should know about GDPR.

Failure to comply with the new rules could be costly, according to security experts speaking on a panel at the Annual Hotel Conference in Manchester in December.

Moyn Uddin, a cyber and privacy consultant, said fines for non-compliance could “be as high as €20 million ($23.6 million) or 4% of global turnover, whatever is the highest, if you really screw up.”

Writing for Hotel News Now in March, Dana Kravetz and Scott Lyon of law firm Michelman & Robinson, shared steps hotel companies should be taking to move toward GDPR compliance, including:

• data mapping;
• segmentation;
• consent;
• documentation and training; and
• accountability.

GDPR must be considered in all forms and at all levels of data collection, including the data hotels collect via mobile apps and for issuing mobile room keys, technology experts told HNN’s Danielle Hess for a story in April.

Although the new rules apply only to data collected from EU citizens, GDPR ultimately will change the way some hotel companies process, store and use data on all guests, HNN’s Bryan Wroten reported in April.

“I can’t operate by one set of terms and conditions for one set of guests and another set of terms and conditions for another,” said Kim Rittenberry, GM of the SoBro Guest House in Nashville, Tennessee.

GDPR was one of the three pressing issues on the minds of speakers at the Hospitality Law Conference in Houston in April.

On a panel titled “How EU data protection impacts your business,” Hans-Josef Vogel, partner at Beiten Burkhardt, said another factor to consider is the portability of guest data.

“If Facebook falls out of fashion, what will you do with that Facebook information?” he asked. “You have the right to ask Facebook to gather the data and send it to the next big thing.”

Compliance with the new rules is just the first hurdle, according to Will Hawkley, Mark Thompson and Tina Haller, of advisory KPMG. Hoteliers must also consider how GDPR will change the way they respond in the event of a data breach.

Key to heading off a potential hacker, they wrote for Hotel News Now, is thinking “like a hacker to beat them at their own game.”

No Comments

Comments that include blatant advertisements or links to products or company websites will be removed to avoid instances of spam. Also, comments that include profanity, lewdness, personal attacks, solicitations or advertising, or other similarly inappropriate or offensive comments or material will be removed from the site. You are fully responsible for the content you post. The opinions expressed in comments do not necessarily reflect the opinions of Hotel News Now or its parent company, STR and its affiliated companies. Please report any violations to our editorial staff.