GDPR and its im­pact on the ho­tel sec­tor: The need to be com­pli­ant-ready

Hospitality News Middle East - - CONTENTS - h-hote­

The penal­ties for fail­ing to com­ply with the GDPR are huge; busi­nesses can ex­pect to pay ei­ther EUR 20 mil­lion or 4 per­cent of world­wide an­nual turnover

Why did com­pa­nies sud­denly start tak­ing an in­ter­est in our per­sonal data re­cently and be­gin send­ing out emails up­dat­ing their terms and con­di­tions, and pri­vacy poli­cies? What’s re­ally go­ing on with data pro­tec­tion right now and how does this af­fect ho­tel op­er­a­tions? Has the in­dus­try be­gun tak­ing the re­quired mea­sures to safe­guard cus­tomers’ per­sonal data and if not, what are the con­se­quences of non-com­pli­ance? Serge Chamelian, manag­ing part­ner of h-hote­lier, answers th­ese and many other ques­tions, while pro­vid­ing a wel­come def­i­ni­tion of the all-new Gen­eral Data Pro­tec­tion Reg­u­la­tion (GDPR) What is GDPR?

The new GDPR up­dates a di­rec­tive orig­i­nally is­sued in 1995, with the aim of strength­en­ing and uni­fy­ing data pro­tec­tion for in­di­vid­u­als in the EU, by set­ting out guide­lines for the col­lec­tion, pro­cess­ing, us­age and stor­age of per­sonal in­for­ma­tion of the bloc’s cit­i­zens.

This new leg­is­la­tion hands greater power to the con­sumer, by forc­ing com­pa­nies to be trans­par­ent about the way they are col­lect­ing, stor­ing and shar­ing their cus­tomers’ per­sonal data in­for­ma­tion.

Ac­cord­ing to the reg­u­la­tion, per­sonal data con­sists of an in­di­vid­ual’s name, phone num­ber, lo­ca­tion data, on­line iden­ti­fiers, phys­i­cal ap­pear­ance, po­lit­i­cal and re­li­gious be­liefs, bio­met­ric data, ge­netic in­for­ma­tion, sex­ual ori­en­ta­tion and more. This move to im­prove and up­grade the stan­dards for data pro­tec­tion pro­cesses will un­doubt­edly have an im­pact on the global hos­pi­tal­ity sec­tor. Ho­tels will be obliged to en­sure they are Gdpr-com­pli­ant; more­over, given that the in­dus­try has a strong dig­i­tal pres­ence and is of­fer­ing prod­ucts and ser­vices on­line, the risk of data breaches is seen as high.

GDPR and ho­tels

GDPR ap­plies to the han­dling of in­for­ma­tion on all EU cit­i­zens, wher­ever they are, so a ho­tel busi­ness based out­side of the bloc, but ac­tively mar­ket­ing, sell­ing prod­ucts and ser­vices, or mon­i­tor­ing EU cit­i­zens or cus­tomers lo­cated there, will need to meet the re­quire­ments laid out in the reg­u­la­tion. If a ho­tel in Asia is host­ing cus­tomers from the EU, for ex­am­ple, it will need to be aware of its obli­ga­tions un­der the GDPR.

The fi­nan­cial penal­ties for fail­ing to com­ply with the GDPR are huge; busi­nesses found to be in breach of the rules can ex­pect to pay ei­ther EUR 20 mil­lion or 4 per­cent of world­wide an­nual turnover, which­ever is higher. On top of this, com­pa­nies will have to con­tend with a dam­aged rep­u­ta­tion in the hos­pi­tal­ity in­dus­try and ad­verse pub­lic­ity.

Given that ho­tels rely on emails as one of their main forms of com­mu­ni­ca­tion with cur­rent and po­ten­tial cus­tomers, the im­ple­men­ta­tion of the GDPR could have a sig­nif­i­cant im­pact on their mar­ket­ing strate­gies. Cus­tomers will now have to opt in, or give con­sent to an email mar­ket­ing ser­vice, un­like the opt-out method that has been widely used by com­pa­nies in the past. This change may make it nec­es­sary for hote­liers to speak to cus­tomers at check-in, if ex­plicit con­sent is re­quired for any form of data col­lec­tion. In ad­di­tion, all loy­alty pro­grams will need to be ex­am­ined for sim­i­lar re­quire­ments if data is used in a way that re­quires con­sent.

GDPR and ho­tels’ part­ners

Un­der the new reg­u­la­tory set-up, if a ho­tel is out­sourc­ing the pro­cess­ing of data to a third party that fails to com­ply with GDPR reg­u­la­tions, the ho­tel and the third-party pro­ces­sor can be held jointly re­spon­si­ble in the event of a breach. There­fore, all soft­ware prod­ucts must ad­here to the same obli­ga­tions as those of the hote­lier. Be­low are ex­am­ples of soft­ware that ho­tels should re­view: • CRM sys­tem • Book­ing en­gines • Web­site de­vel­op­ers • Pay­ment pro­ces­sors • So­cial me­dia mar­ket­ing • Email mar­ket­ing

To sum­ma­rize, any­thing that con­tains per­sonal in­for­ma­tion about cus­tomers should be re­viewed.

Pre­par­ing for GDPR

The im­ple­men­ta­tion of the GDPR has made it es­sen­tial for ho­tels to cre­ate aware­ness and ac­quire buy-in from man­age­ment, since changes in pro­ce­dures and sys­tems could be nec­es­sary. Be­low is a plan that hote­liers can fol­low to help en­sure their data is Gdpr-com­pli­ant: • Make cus­tomers aware of their rights un­der the GDPR. • Know why data is be­ing col­lected. • Ob­tain con­sent from cus­tomers. • Au­dit and re­view cur­rent data pro­cesses (how in­for­ma­tion will be stored and han­dled). • Make sure pay­ment pro­cesses are com­pli­ant. • Train your em­ploy­ees on what con­sti­tutes a per­sonal data breach and how th­ese can hap­pen.

By forc­ing an opt-in and be­ing spe­cific about how in­for­ma­tion will be used, hote­liers will be­come smarter about what data they re­quest and keep. The use of this type of data will en­sure cus­tomers’ vis­its meet or ex­ceed their ex­pec­ta­tions. Thus, hote­liers will be left with a data­base of cus­tomers who are in­ter­ested in re­ceiv­ing rel­e­vant mar­ket­ing mes­sages and ex­pe­ri­ences, are more likely to be re­cep­tive to book­ing at the ho­tel and per­haps re­turn­ing there.

Newspapers in English

Newspapers from Lebanon

© PressReader. All rights reserved.