GDPR Hospitality Compliance
GDPR is in place to prevent the misuse of an individual’s personal information and to protect the individual’s rights by limiting how that information is used.
It covers any information that allows an EU resident to be personally identified, whether it is held in a membership, client or prospect database. The latest information from the Information Commissioner’s Office (ICO) reports that the hotel group Marriott is to be fined almost £100m after hackers stole the records of in excess of 300 million guests.
All organisations now have a legal obligation to comply with GDPR. It is therefore important to understand what it involves, and how you can prevent any future damage. All data about persons in the EU are covered under the GDPR. This includes both guests and employees. No industry is exempt and hotels should document what personal data they hold, where it came from and with whom it is shared.
The GDPR also grants extra protections for “sensitive data”, such as data that reveals any of the following:
trade union membership, which may be revealed by event attendance
biometrics for the purpose of uniquely identifying someone, such as a fingerprint stored for opening doors
health status, which may be disclosed in guest requests
As the hospitality sector often handles guests’ private information, the security of this data is paramount. It can be easy to underestimate the importance of security in relation to print, but any device that connects to a hotel’s network is vulnerable to hackers and malware. Therefore, features such as password protection and restricted access settings are vital to secure guests’ data and prevent unauthorised access to sensitive information.
How Apogee can help
Apogee work with organisations to develop tailored GDPR compliance based on the organisation’s data management and processes. To find out further details on how Apogee can help your organisation work towards compliance, get in touch today.