The Hotel Industry is today one of the most vulnerable to the possible threat of data security. According to EU reports, the hotel sector has been the second to suffer the largest number of data thefts in 2016, with a forecast to remain the same during 2017.
Bearing in mind that in a world of millions of daily online transactions, hotels are among the main players that make the most transactions, it is logical that they have become a target for hacker attacks and other security breaches.
The new General Data Protection Regulation (GDPR) requires companies to comply with the new EU Data Protection Directive until the end of the first quarter of 2018. Failing to comply with this new Directive, companies will face fines of up to 10 million euros or 4% of its global annual turnover.
Given the risk of serious financial penalties, the hotel sector must take immediate measures to protect personal information and consumer integrity.
More about GDPR
GDPR is an EU Directive whose aim is to strengthen and unify data protection for EU consumers. The first publication of GDPR by the European Commission was carried out in January 2012, followed by four years of negotiations, to finally be approved in 2016. The new regulation aims to replace the existing Data Protection Directive and in force on May 25, 2018.
How can hotels comply with GDPR?
The main reason why hotels are so vulnerable to data theft is the reception and transmission of customer card data through means such as email, telephone, fax, website, etc. Storing all this data on multiple platforms makes ensuring the security of customer data a very difficult task for a hotel. To ensure the protection of customer data, it is essential for the hotel to store data securely and subsequently implement secure methods of transmitting this data to third parties.
The adaptation of the website of a hotel is another necessary action so that the hotel can comply with the new regulation, since it will be mandatory to make available to the users, whose data are stored, a personalized access so that they can consult, change or delete their Own data and see that hotel employees have their data.
In order to guarantee maximum security, hotel / chain employees must have high security data storage systems and it will be necessary to abandon those collaborators with vulnerable security systems.
Influences on the Email Marketing Strategy
According to GDPR the hotel will have to be able to demonstrate that the users has given their consent to receive emails, so you must keep record of the data in order to justify the express permission of use.
In the case of mailing lists purchased, the fact that the hotel will have to justify with documentation the purchase of this list, remains the same, but additionally it will have to be able to justify that these email possessors have been informed and have given their agreement to the hotels in question to send them emails. In addition, users will have the option to specify which of the data can be used and for what purpose.
How does GDPR affect collaborations with non-EU companies?
Although the new regulation applies to EU companies, all EU companies that have partnerships with non-EU companies will have to ensure that they comply with the same requirements.
