GDPR Hospitality Compliance

It covers any information that allows an EU resident to be personally identified whether included in a membership, client or prospect database. The latest information from the Information Commissioner’s Office (ICO) reports that the hotel Group Marriott is to be fined almost £100m after hackers stole records in excess of 300 million guests.

All organisations now have a legal obligation to comply with GDPR. It is therefore important to understand what it involves, and how you can prevent any future damage. All data about persons in the EU are covered under the GDPR. This includes both guests and employees. No industry is exempt and hotels should document what personal data they hold, where it came from and with whom it is shared.

The GDPR also grants extra protections for additional “sensitive data” such as data that reveals any of the following:

• trade union membership, which may be revealed by event attendance

• biometrics for the purpose of uniquely identifying someone, such as a fingerprint stored for opening doors

• health status, which may be disclosed in guest requests

As the hospitality sector often handles guests’ private information, the security of this data is paramount. It can be easy to underestimate the importance of security in relation to print, but any device that connects to a hotel’s network is vulnerable to hackers and malware. Therefore, features such as password protection and restricted access settings are vital to secure guests’ data and prevent unauthorised access to sensitive information.

How Apogee can help

Apogee work with organisations to develop tailored GDPR compliance based on the organisation’s data management and processes. To find out further details on how Apogee can help your organisation work towards compliance, complete the form below.