GDPR – What impact will the new #DataRegulation have on the Hotel Industry?

DATASECURITY

Hotels handle large amounts of personal data that are indispensable for reservations and booking and that need special protection. The hotel must ensure customers are aware of the particular uses of their data. GDPR legislation brings a large number of changes. Below is a brief overview of the challenges that the various players in the sector will have to face.

 

In 2014, the computer security company Kaspersky publicly revealed the “Darkhotel” hacking campaign, which operated in luxury hotels. By penetrating Wi-Fi networks, the attackers stole sensitive data from the devices of senior executives while they were on business trips. More recently, in January 2017, an Austrian hotel was hit by ransomware. Having taken possession of the electronic key system, the hackers locked the hotel’s customers in their rooms, forcing a payment of $1,500 in bitcoins on the dark web as the price for opening the room doors.

 

Like all other industries, the hotel industry faces a major challenge: ensuring the security of personal data while dealing with cybercrime. With this in mind, the European Union has adopted the General Data Protection Regulation (GDPR), which is mandatory from May 25, 2018.

* GDPR is a regulation to strengthen and unify data protection for individuals within the European Union.

 

It redefines the protection of individuals by protecting their personal data through a number of major provisions. Fully concerned by it, the hotel industry has only two months to anticipate these new obligations and strengthen its data protection systems.

 

Hoteliers must take responsibility

 

Today, the actors concerned are not aware of the risks inherent in handling personal data or of the strict responsibilities placed upon them. Indeed, hoteliers hold a colossal amount of personal data that customers hand over fairly easily in just a few clicks.

Customers are invited to book by sharing several items of private data (full name, postal address, email, credit card information, date of birth). Once the reservation is made, a contract of trust is established between the customer who shared their personal data and the hotel, which has the heavy responsibility of protecting it.

 

Following this logic of responsibility, the need for data protection and integrity naturally extends to service providers, partners and subcontractors (Booking Center, Concierge Services, etc.), whose obligations regarding security and confidentiality will have to be met, strengthened and clarified. It is easy to understand the impact that any flaw in the concierge service would have by disclosing the habits and sensitive data of its customers and distinguished guests.

 

According to travel statistics, 93% of customers go online to find and book a hotel. Taking the example of the Booking.com platform, the industry leader, the client communicates all their personal information, which is then transmitted directly to the hotel. In 13% of cases, this data will be sent by fax which, if poorly stored, can create a risk for the individual in case of fraudulent use.

 

The penalties for not complying with GDPR are large, at a financial cost of up to €20 million or 4% of worldwide annual turnover (whichever is greater), not to mention the potential reputational cost to a business in the hospitality industry. Even more damaging, the contract of trust with customers would be seriously weakened, a reputational risk with serious consequences for the hotel.

 
 

Six urgent measures to take

 

It is security that must adapt to the customers and not the other way around. Securing data is a major issue for which hotels must prepare, ensuring a level of security suited to maintaining and strengthening this relationship of trust between customers and hoteliers.

To that end, the various actors of the sector will have to take up several challenges:

 

Data mapping: Hotels need to complete a data mapping process to become aware of what data is captured, where it is stored, and how it is used before they can begin working out how to protect and monitor it moving forward. A data mapping process also helps the hotel react effectively in case of a violation.

 

IT and Security assessment: After the data mapping process, the hotel’s hardware and software applications should be reviewed along with hard copy files. A series of encryption codes, pseudonymization techniques, passwords or limitations on access may need to be implemented to protect access to the data and its integrity.

 

Data protection officer: Designate the data protection officer, guarantor of the data protection structure with the responsibility to review the access, archiving, transfer and data protection processes. Data protection officers are responsible for overseeing data protection strategy and implementation to ensure compliance with GDPR requirements.

 

Cleaning up data records: Deleting isn’t required, but validating the data is a must. In this process, a hotelier must reach out to customers to inform them of the new policies and to verify their data and its uses. Document all standard operating procedures and invest in training all relevant staff members to ensure they have a thorough understanding of the new procedures and the implications of the regulation. Analyze the potential impacts by assessing, system by system, the risk of disclosure of personal data.

 

Raise awareness and train internal staff: Maintaining GDPR awareness with staff is an ongoing process. Management should provide regular refresher training for all staff to ensure an awareness culture exists to protect against possible breaches.

 

Third party partners: Review contracts with existing partners, contractors and subcontractors to ensure integrity throughout the data cycle. A major change due to GDPR is that data processors are captured by the regulations as well as data controllers.

 

Taking the example of the ransomware attack on the Austrian hotel, it is a call for accountability and awareness in the hospitality industry, one that requires concrete actions to meet the challenges. Taking those actions will fulfill the contract of trust with the customer by ensuring the protection of their data.

#GDPR – Reform of EU Data Protection: 5 months left to be Fully Prepared


Companies only have a few months left to prepare for the new European #DataProtection Regulation. On 25 May 2018, all companies managing personal data of citizens of the European Union will be required to comply with the new regulations and requirements of the General Data Protection Regulation (GDPR).

This regulation will impose significant new obligations on companies that manage personal data, as well as severe penalties for those who violate these rules, including fines of up to 4% of global turnover or €20 million, whichever amount is higher.

With only a few months left before the Regulation enters into force, many companies have not yet started preparations and will have to develop and implement a compliance strategy. To facilitate their journey, we’ve listed eight rules to follow below.

 

Understand your Data

 

The first step in complying with the GDPR is to understand how personal data is stored, processed, shared and used within the company. Through careful auditing, you will need to compare existing practices with the requirements of the new regulations and identify the changes needed to bring your business into compliance in the way that best suits you. Remember that the obligations of the GDPR do not only apply to the strategies and measures put in place by your company but also extend to the providers who process personal data on your behalf.

 

Determine who is responsible for data protection

 

While some companies will have to appoint a data protection officer, everyone working within the company will have to adopt a data protection compliance program. The data protection officer may need to strengthen the company’s strategies in this area and train its staff.

Please note that not all companies will necessarily have to appoint a Data Protection Officer, but good practice suggests that such a delegate is essential for companies that engage in two types of activities: large-scale processing of specific categories of data and large-scale monitoring of data, such as behavioral advertising targeting.

 

Ensure a legal basis for Data processing

 

Your company will want to examine the legal basis on which your strategy for handling various types of personal data is based. If it is based on consent, you will need to identify the method used to obtain that consent and will have to clearly demonstrate how and when that consent is given. Relying on consent means that the data subject can withdraw their consent at any time and that the data controller must then stop any processing of that data subject’s data.

 

Understand the rights of the people concerned

 

In accordance with the GDPR, any person whose data you process is given new rights, including the right of access to personal data, the right to correct and delete such data, or the right to portability of personal data.

Can your business easily locate, delete, and move customer data? Is it able to respond quickly to requests for personal data? Does your company, and the third parties that work for it, keep track of where these data are stored, how they are processed, and who they were shared with?

 

Ensure confidentiality from conception

 

As part of the GDPR, companies are required to implement a confidentiality strategy from the design stage when developing a new project, process, or product. The goal is to ensure the confidentiality of a project’s data as soon as it is launched, rather than implementing retrospective confidentiality measures, with the aim of reducing the risk of violation.

Have you limited access to personal data to those who need it in your business? A data protection impact assessment is sometimes necessary before processing personal data.

 

Be prepared for violation

 

Your company will need to implement appropriate policies and processes to handle data breaches. Make sure you know which authorities you will need to report any data breaches to, as well as the deadlines. Any breach may result in a fine. Put in place clear policies and well-practiced procedures to ensure that you can react quickly to any data breach and notify in time where required.

 

Communicate the main information

 

In accordance with the GDPR, you will be required to provide the data subject with the legal basis for the processing of their data and to ensure that they are aware of the authorities with which they may lodge a complaint in case of any problem. Make sure your online privacy policy is up to date.

 

Collaborate with your suppliers

 

GDPR compliance requires an end-to-end strategy that includes the vendors processing personal data on your behalf. The use of a third party for data processing does not exempt companies from the obligations incumbent on them under the GDPR.

 

With any international data transfers, including intra-group transfers, it will be important to ensure that you have a legitimate basis for transferring personal data to jurisdictions that are not recognized as having adequate data protection regulation. Verify that the third party processing data on your behalf has established strict data protection standards, has extensive experience in the field of large-scale data security management, and has tools to help improve data governance and reduce the risk of breach.

 

Ensure your vendor meets globally recognized standards for security and data protection, including ISO 27018 – Code of Practice for Protecting Personal Data in the Cloud. Ask your vendor to provide you with all information about the security of its network and of the data that resides there (for example, its encryption policies and the controls in place at the application level), its security policies, as well as its training, risk analysis, and testing strategies.
