WHAT IS GDPR?
The GDPR (General Data Protection Regulation) is the new regulation in EU law on data protection and privacy. It aims to “give control to citizens and residents over their personal data and to simplify the regulatory environment for international business”.
This regulation will take effect as of May 25, 2018, provoking major changes in the management and protection of personal data collected by hotels.
All companies that collect and/or save data from European residents or organizations will fall under this regulation.
WHAT SANCTIONS ARE APPLICABLE FOR A HOTEL?
Infringing EU laws comes with a substantial monetary sanction:
- 20 million euros for SMEs,
- 4% of total revenue for large groups
On top of a significant fine, the reputation of the hotel could be put in jeopardy, especially now that personal data seems to be quite the hot topic.
WHAT ARE THE RISKS FOR THE HOSPITALITY SECTOR?
1 – Greater difficulties in conducting marketing campaigns:
With the GDPR coming into force, hoteliers will only be able to collect and store customers’ information for a “legitimate and perfectly explicit” reason. Marketing emails will, therefore, fall under the new regulations. Hotels will now have to provide concrete proof that customers have given their consent for their email to be used for “marketing” purposes.
2 – Recrudescence of customers’ personal data:
From now on, anyone has the right to question the person in charge of storing customers’ data regarding his/her own personal information. In addition, they will have the “Right to be Forgotten”. This right grants consumers the ability to easily have all of their data deleted from the hotel database.
3 – Joint liability for data processing with the subcontractor:
The GDPR stipulates that the hotel and the subcontractor hosting data for the hotel are jointly liable for any misconduct or law infringement. Consequently, any hotel outsourcing its data should verify that the subcontractor is aware of the law and has adapted accordingly.