Europe has taken a big step in data protection and security with the General Data Protection Regulation (GDPR), in effect from 25th May, 2018. Aimed at protecting information from physical and technical misuse, the GDPR builds on the previous data protection rule that the EU applied.
Applicable to all businesses that gather, process and record personal information of citizens and residents of the EU, GDPR compliance will give all kinds of businesses a strong data security structure and ensure that the personal data of any user or client is protected against misuse and theft.
Until now, Europe was running on the 1995 Data Protection Directive, which is replaced by the GDPR. The new GDPR requires businesses to implement a definite set of compliance measures to secure the data and to abide by the terms of an individual's privacy rights.
The hospitality industry, which deals with personal data extensively, will have to ensure transparent data processing. Similar to PCI DSS compliance, which works to protect card and payment information, the GDPR is imposed to restrict third-party access to personal information.
With GDPR in effect, you must explain to your guest what data you are capturing (the nature of the data), why you are capturing that data (the purpose of the data), who will have access to that data (the identity of the Data Controller), and who else will have access to this data.
Thus, your guest will completely understand what data you need and your intentions with the data. Furthermore, you’ll be able to use the guest information explicitly for the reason you mention, leaving no chance of data misuse.
That is, hotels and F&B businesses in the EU as well as outside the EU fall under the GDPR and have to be completely compliant with the rules.
This means that hotels and restaurants have to be GDPR compliant through the software they use, thus safeguarding their guests’ data from potential exploits.
Hotel technology providers have to adhere to the same GDPR rules and obligations that a hotel has to. Vendors who acquire personal data from their hotel clients must share a Data Processing Agreement (DPA) with the hotelier to confirm that the vendor is compliant with the rules of the GDPR.
In addition, we’ll also be deleting all the data associated with your contract upon its termination, along with the backups, with no delegation to any data processor without your written consent.
eZee’s hotel solutions are already PCI DSS compliant, which means that our products are already keeping your guests’ data secure from any potential theft or misuse, making it easier for us to become GDPR ready.
You need to start preparing yourself to be GDPR ready. Take it one step at a time to ensure that your guests’ data is absolutely safeguarded.