Tech Talk

Recent posts

IoT is Coming, Jon Snow…
Posted: 05/21/2019

Hospitality is prime for the coming advent of the various devices that make up the Internet of Things. Estimates show the industry now represents 17.5 million rooms worldwide and savvy guests are demanding more personalization and an overall improved guest experience along their connected travel journey and belief is that IoT can bring this to reality. 

The forces driving local search rankings are constantly changing. But recent studies suggest that in 2019, four key factors make up the local search algorithm. 
 
The most significant factor is Google My Business (GMB). If you’re not on it, get on it now.

The robotic revolution in the hospitality industry might seem to have taken a step back. This January, the famously quirky Henn-Na Hotel in Japan fired half of its 243 robot staff. The robotic workforce reportedly irritated guests and frequently broke down.

Think about the moment when you first enter your hotel room. Look around: Does the room tell you anything unique about the hotel where you are staying? Or is it all beige walls and double beds with white covers, and you have to walk back outside and look at the sign on the hotel’s facade to even remember where you are?

Hotel guests commonly bring multiple devices with them during their stay. However, many hotel environments don’t provide easy access to charging outlets. This situation can lead to a guest feeling more than inconvenienced. A recent survey found almost 90 percent of people "felt panic" when their phone battery dropped to 20 percent or below.



want to read more articles like this?

want to read more articles like this?

Sign up to receive our twice-a-month Watercooler and Siegel Sez Newsletters and never miss another article or news story.

x
 

The Top 5 GDPR List for Hoteliers



Hotels have Finally Jumped into the GDPR Game

May 25 is quickly approaching, and the streets are abuzz with GDPR. Hoteliers are struggling for guidance and everyone has a thought or opinion as to what getting to GDPR compliance means. The worst part is we are seeing so many hotels receiving incomplete or faulty information and they will be in for a rude awakening soon.

Complying with the GDPR directives requires a hotel to implement a combination of administrative and technical controls focused on protecting the personal information of EU residents. We know that hoteliers are focused on privacy statements and policies, but we also know that most hoteliers are ignoring or overlooking these critical areas.

1. Explicit consent – How will a hotelier collect, save and reference explicit consent?

2. Right to be forgotten – How will a hotelier purge customer records from commercial off-the-shelf applications when those providers don’t have a process yet?

3. Notification of third parties to purge customer data – What is the communication method and verification process to ensure that whoever a hotel shares guest data with (for example third party email marketing partners) will also purge guest data?

4. Vendor risk assessment process – How will a hotelier ensure that third-party partners are prepared and able to comply with GDPR. Hoteliers must also think about their cloud providers, back up providers, email partners, revenue partners, rewards programs and more.

5. Complying with the technical controls – This will be the most difficult and troubling set of controls for hoteliers. First, settling on a framework that will guide the hotel’s data protection strategy is important. The reality is if a hotel can’t achieve PCI compliance it is unlikely they will achieve GDPR compliance.

6. Process to ensure timely notification – Failure to notify the appropriate data protection authorities in a timely manner will result in significant fines and penalties. 

Checklist to assist in GDPR preparation

These are the top five items that a hotelier can focus on to move the ball closer to compliance by the required dates.
 

1. Know with whom you share data!
This includes business as well as technical sources.  Make sure data flows are documented and include who and why data is shared.

2. Hire a Data Protection Officer (DPO) to handle all claims from EU consumers and data protection authorities. While not necessary in all cases, it is recommended. A virtual DPO is affordable and will ensure communications are responded to correctly and in a timely manner.

3. Create a manual paper process to capture the guests explicit consent for email marketing (opt-in) and the sharing of data with third parties. Until PMS developers have a process in place to programmatically capture consent having a paper process will mitigate the risks.

4. Clearly define your organizations record retention policy and requirements. The right to be forgotten has some exceptions and can be guided or modified to remain consistent with normal business processes.

5. Ensure all third parties have undergone a Vendor Risk Assessment and that you understand the risks associated with their engagement.

6. Ask all third parties to provide a statement of compliance and detail explanation of what processes exist for the protection of your guests’ data. This includes OTAs, PMS providers, marketing companies, cloud providers and other technology providers.

No one really knows how European Data Privacy Authorities police will enforce the GDPR directives.  In the hospitality vertical it is easier to blacklist properties that develop a reputation for not protecting the data of EU nationals.

With all of that said, when we look at properties struggling with PCI compliance we know they will not be able to attain GDPR compliance. The security framework is somewhat more stringent and will be burdensome on U.S. properties.

About The Author
David Durko
CEO
Security Validation, LLC


David Durko is the CEO and chief compliance officer for Security Validation’ Data Security Advisory Practice. Security Validation provides PCI and GDPR Assessment Services along with Virtual Data Privacy Officer services from its offices in the U.S. and U.K.

 
Comments
Blog post currently doesn't have any comments.
Leave comment



 Security code