Tech Talk

Recent posts

Definitely Doug 10/18/19
Posted: 12/06/2019

Sustainable Innovation
 
Sustainability can yield multiple benefits to hotels. Saving energy and water yields direct cost savings. Revenue can be generated by guests who prefer to deal with businesses that minimize their environmental impact. And many would argue that conserving scarce resources is simply the right thing to do.

Definitely Doug 12/6/19
Posted: 12/06/2019

Meetings Innovation
 
The sale and delivery of groups and meetings is perhaps the most significant and under-automated functions for many hotels. Even though groups often account for 30% to 60% of revenue, most group bookings are still handled manually for most if not all of steps, as they move from a meeting planner’s research to a confirmed booking.

The biggest enemy to any system is complexity. In a system of inputs and outputs, such as an enterprise system, more complexity means more parts are used in interaction with inputs to create the outputs. Every part that must be built and maintained costs time and money

Tracking the evolution of key performance indicators (KPIs) over time allows hoteliers to identify meaningful trends, create forecasts and budgets and assess the results of different strategies. To perform this kind of analysis, data has to be recorded within consistent time intervals and in chronological order. This is known as a time series.

Definitely Doug 11/15/19
Posted: 11/15/2019

Every time I turn around these days, I see a new vendor or product promising something called a complete Guest Experience Management, Guest Journey Management, or Guest Engagement (or some variation on those words). This week I looked at some of the emerging products claiming to be in this space, both to try to better understand it, and to see what promising ideas it may hold.



want to read more articles like this?

want to read more articles like this?

Sign up to receive our twice-a-month Watercooler and Siegel Sez Newsletters and never miss another article or news story.

x
 

The Top 5 GDPR List for Hoteliers

by David Durko


Hotels have Finally Jumped into the GDPR Game

May 25 is quickly approaching, and the streets are abuzz with GDPR. Hoteliers are struggling for guidance and everyone has a thought or opinion as to what getting to GDPR compliance means. The worst part is we are seeing so many hotels receiving incomplete or faulty information and they will be in for a rude awakening soon.

Complying with the GDPR directives requires a hotel to implement a combination of administrative and technical controls focused on protecting the personal information of EU residents. We know that hoteliers are focused on privacy statements and policies, but we also know that most hoteliers are ignoring or overlooking these critical areas.

1. Explicit consent – How will a hotelier collect, save and reference explicit consent?

2. Right to be forgotten – How will a hotelier purge customer records from commercial off-the-shelf applications when those providers don’t have a process yet?

3. Notification of third parties to purge customer data – What is the communication method and verification process to ensure that whoever a hotel shares guest data with (for example third party email marketing partners) will also purge guest data?

4. Vendor risk assessment process – How will a hotelier ensure that third-party partners are prepared and able to comply with GDPR. Hoteliers must also think about their cloud providers, back up providers, email partners, revenue partners, rewards programs and more.

5. Complying with the technical controls – This will be the most difficult and troubling set of controls for hoteliers. First, settling on a framework that will guide the hotel’s data protection strategy is important. The reality is if a hotel can’t achieve PCI compliance it is unlikely they will achieve GDPR compliance.

6. Process to ensure timely notification – Failure to notify the appropriate data protection authorities in a timely manner will result in significant fines and penalties. 

Checklist to assist in GDPR preparation

These are the top five items that a hotelier can focus on to move the ball closer to compliance by the required dates.
 

1. Know with whom you share data!
This includes business as well as technical sources.  Make sure data flows are documented and include who and why data is shared.

2. Hire a Data Protection Officer (DPO) to handle all claims from EU consumers and data protection authorities. While not necessary in all cases, it is recommended. A virtual DPO is affordable and will ensure communications are responded to correctly and in a timely manner.

3. Create a manual paper process to capture the guests explicit consent for email marketing (opt-in) and the sharing of data with third parties. Until PMS developers have a process in place to programmatically capture consent having a paper process will mitigate the risks.

4. Clearly define your organizations record retention policy and requirements. The right to be forgotten has some exceptions and can be guided or modified to remain consistent with normal business processes.

5. Ensure all third parties have undergone a Vendor Risk Assessment and that you understand the risks associated with their engagement.

6. Ask all third parties to provide a statement of compliance and detail explanation of what processes exist for the protection of your guests’ data. This includes OTAs, PMS providers, marketing companies, cloud providers and other technology providers.

No one really knows how European Data Privacy Authorities police will enforce the GDPR directives.  In the hospitality vertical it is easier to blacklist properties that develop a reputation for not protecting the data of EU nationals.

With all of that said, when we look at properties struggling with PCI compliance we know they will not be able to attain GDPR compliance. The security framework is somewhat more stringent and will be burdensome on U.S. properties.

About The Author
David Durko
CEO
Security Validation, LLC


David Durko is the CEO and chief compliance officer for Security Validation’ Data Security Advisory Practice. Security Validation provides PCI and GDPR Assessment Services along with Virtual Data Privacy Officer services from its offices in the U.S. and U.K.

 
Comments
Blog post currently doesn't have any comments.
Leave comment



 Security code