The General Data Protection Regulation (GDPR) is coming, and your hospitality business needs to be ready.
What is GDPR?
The EU have put together GDPR as a way of updating data protection laws for how data is used in the age of the internet and cloud computing. It gives EU citizens a bigger say in what companies can and can’t do with their personal data, and brings tougher punishments for companies that misuse it.
Under GDPR, ‘personal data’ will have a much broader definition. Anything that can be used to identify someone will count as personal data.
The Regulation will apply to companies from 25 May 2018. The UK’s decision to leave the EU won’t affect businesses based here; they’ll still have to comply. If a company is caught breaching GDPR, and can’t prove they’re innocent, they risk facing a fine of up to £18 million or 4% of their annual turnover, whichever is bigger.
How Will GDPR Affect my Hospitality Business?
Hospitality businesses collect and process lots of personal data on a daily basis. Booking references, payment card details, membership numbers, marketing lists, email threads and social media communications all involve the collection and processing of personal data and fall under that broad definition we mentioned earlier.
In the hospitality sector, profit margins can vary from massive to modest. But no matter how big your hospitality business is, a breach of GDPR is still a breach. So you need to be ready, or the consequences could be devastating for your company.
How to Prepare for GDPR
GDPR is a gigantic deal, but it doesn’t have to be scary. If you’re prepared, there’s no need to be scared at all. There are a few ways you can prepare.
Compare your current data protection rules against GDPR. This will improve your knowledge of the Regulation, and show you if there are areas where you need to get caught up.
Review the customer data you have and what you’re using it for. Get rid of anything that you aren’t using and make sure you have your customers’ consent for anything you are using.
Be transparent. You need to clearly explain how you collect, store and use customer data, and make this explanation accessible. Recording when your customers’ data is collected, and when and what it’s used for, could help you to be transparent.
Raise GDPR awareness across your hospitality business. Every department in your company will deal with personal data from time to time. All your employees should know what to do, and what not to do, with it in these situations. You could organise some GDPR awareness sessions to get everyone in the know.
To round up our advice, here are some quick do’s and don’ts for complying with GDPR:
- DO register with the Information Commissioner’s Office (ICO) as a Data Controller
- DO give your customers access to their data when they ask for it
- DON’T hold on to customer data for longer than needed
- DON’T ignore opt-out requests
- DON’T forget to get consent for every piece of data you collect, store or use
Prepare for GDPR Now
GDPR is getting closer. But if you start preparing for it now, there’s nothing for you to worry about. Follow our advice and check out the ICO website for more information about the Regulation.