• Follow us on:

 

Tech Talk

Recent posts

Over the years alternative payments methods have grown in popularity. Merchant Link’s Director of Product Christian McMahon sat down an online source to talk about the rise and challenges of QR- based payments.

Jumping into the world of online marketing can be daunting, especially if you fall victim to famous marketing myths that could affect your hotel promotion mission. These marketing myths can cause you to lose revenue if you base your hotel promotion decisions on them. Don't be mistreated by marketing myths that lure you down the wrong path, drain your resources and leave you more exhausted than elated. 

Hotel management companies are asking, how does the new privacy act in California compare to the new European Union privacy law? Here is a side-by-side comparison which reveals a few things that hotels should know. 

HITEC 2018 brought on new innovations and cautions of data protection. James Lingle reviews his highlights from HITEC and questions solutions for the hospitality industry customers. 

Everything's bigger in Texas, including HSMAI's 2018 Revenue Optimization Conference co-located in Huston with HITEC. HSMAI recaps their highlights from ROC; an event that drew more than 600 attendees for the third year in a row.



want to read more articles like this?

want to read more articles like this?

Sign up to recieve our weekly newsletter and monthly e-magazine and never ever miss an issue!

Subscribe

Keep up to date on all the latest industry news.

x
 

The Top 5 GDPR List for Hoteliers



Hotels have Finally Jumped into the GDPR Game

May 25 is quickly approaching, and the streets are abuzz with GDPR. Hoteliers are struggling for guidance and everyone has a thought or opinion as to what getting to GDPR compliance means. The worst part is we are seeing so many hotels receiving incomplete or faulty information and they will be in for a rude awakening soon.

Complying with the GDPR directives requires a hotel to implement a combination of administrative and technical controls focused on protecting the personal information of EU residents. We know that hoteliers are focused on privacy statements and policies, but we also know that most hoteliers are ignoring or overlooking these critical areas.

1. Explicit consent – How will a hotelier collect, save and reference explicit consent?

2. Right to be forgotten – How will a hotelier purge customer records from commercial off-the-shelf applications when those providers don’t have a process yet?

3. Notification of third parties to purge customer data – What is the communication method and verification process to ensure that whoever a hotel shares guest data with (for example third party email marketing partners) will also purge guest data?

4. Vendor risk assessment process – How will a hotelier ensure that third-party partners are prepared and able to comply with GDPR. Hoteliers must also think about their cloud providers, back up providers, email partners, revenue partners, rewards programs and more.

5. Complying with the technical controls – This will be the most difficult and troubling set of controls for hoteliers. First, settling on a framework that will guide the hotel’s data protection strategy is important. The reality is if a hotel can’t achieve PCI compliance it is unlikely they will achieve GDPR compliance.

6. Process to ensure timely notification – Failure to notify the appropriate data protection authorities in a timely manner will result in significant fines and penalties. 

Checklist to assist in GDPR preparation

These are the top five items that a hotelier can focus on to move the ball closer to compliance by the required dates.
 

1. Know with whom you share data!
This includes business as well as technical sources.  Make sure data flows are documented and include who and why data is shared.

2. Hire a Data Protection Officer (DPO) to handle all claims from EU consumers and data protection authorities. While not necessary in all cases, it is recommended. A virtual DPO is affordable and will ensure communications are responded to correctly and in a timely manner.

3. Create a manual paper process to capture the guests explicit consent for email marketing (opt-in) and the sharing of data with third parties. Until PMS developers have a process in place to programmatically capture consent having a paper process will mitigate the risks.

4. Clearly define your organizations record retention policy and requirements. The right to be forgotten has some exceptions and can be guided or modified to remain consistent with normal business processes.

5. Ensure all third parties have undergone a Vendor Risk Assessment and that you understand the risks associated with their engagement.

6. Ask all third parties to provide a statement of compliance and detail explanation of what processes exist for the protection of your guests’ data. This includes OTAs, PMS providers, marketing companies, cloud providers and other technology providers.

No one really knows how European Data Privacy Authorities police will enforce the GDPR directives.  In the hospitality vertical it is easier to blacklist properties that develop a reputation for not protecting the data of EU nationals.

With all of that said, when we look at properties struggling with PCI compliance we know they will not be able to attain GDPR compliance. The security framework is somewhat more stringent and will be burdensome on U.S. properties.

About The Author
David Durko
CEO
Security Validation, LLC


David Durko is the CEO and chief compliance officer for Security Validation’ Data Security Advisory Practice. Security Validation provides PCI and GDPR Assessment Services along with Virtual Data Privacy Officer services from its offices in the U.S. and U.K.

 
Comments
Blog post currently doesn't have any comments.
Leave comment



 Security code