It was merely 15 short months ago when the industry was abuzz with talk of the latest GDPR regulations coming into effect.
What were we supposed to do? Would anyone really crack down on violations?
For many hotels, changing technology to become compliant was just too big of a task – too many different systems and bits and pieces of guest data, some siloed, some intertwined across systems into a complex web of information. So, the introduction of the regulations came and went, and still many companies failed to think about their data security. Now though, the industry must learn to change its mindset.
It was announced that both Marriott and British Airways would be charged hefty fines, £99 million and £183 million, respectively, after data breaches that violate GDPR regulations. Both companies also face legal battles due to the breach. These were the first two major players within the hospitality to feel the impact of the GDPR, but outside of hospitality, regulators in the UK, France, Austria, and across Europe are reporting a sharp increase in data protection complaints and breach notifications since the GDPR came into effect.
I’d like to say that our industry is moving in the right direction and that this the last we will see of data breaches, but until we make this a priority, data security remains a major threat. And an expensive one, at that. Violating GDPR regulations carries maximum fines up to €20m or 4% of a company’s global turnover – whichever is higher.
Luckily, hoteliers do have options to become compliant, without major overhauls or complex IT projects. First, they must have a proper way to manage all guest data. Since most hotels use multiple different systems that all store guest data in different formats, this can quickly become a burden. One way to simplify the storage of data is to centrally manage all guest data in one system.
Once all guest data is stored in one system, it becomes easier for the hotel to ensure its security and process guest profiles according to GDPR regulations. Centralized data management has further benefits beyond data privacy. It allows hotels to better understand their guests and to use data in meaningful ways. The ability to personalize marketing, improve upon operations, increase guest loyalty, and ultimately to generate more revenue all become a reality.
While central data management is crucial for data security, it is not enough for a hotel to ensure that it is GDPR compliant. This is only the first step in data storage. With GDPR regulations, hotels must also be equipped to update, retrieve, edit, or remove guest data, if this is so requested by the guest. At dailypoint, hoteliers are set up with a Privacy Dashboard, which allows users within the hotel to update and manage guests’ preferences on one screen, and have those preferences reflected across all other systems that the hotel uses. So, the hotel can fulfill any data request at the click of a button. This ensures that the hotel is always GDPR compliant.
Our industry cannot go on with its head in the sand when it comes to the GDPR, particularly when there are such simple solutions on the market to ensure compliance. We must get up to speed when it comes to data security. The time has come for hoteliers to set data privacy as a major priority before more fines and lawsuits roll in.