2023 Expected to become a landmark year for data privacy in the Hospitality Industry
While innovation and technology are driving the heartbeat of the hospitality industry, the hotel business in particular is under the magnifying glass. With new technologies appearing, and by no means much needed, privacy and compliance with international laws are hardly being followed, and high fines of up to 4% of (global) turnover are being handed out. They will only increase in 2021 because of sharpened rules and regulations worldwide, and because old and new technologies are not able to keep up with the constant changes.
There is clearly great confusion about all the regulations that are popping up worldwide, particularly since GDPR was launched in the EU. Others have followed, and new regulations are coming into play worldwide, like CCPA, LGPD and the international privacy laws.
Some guidelines, facts and tips that will help your operation avoid fines and protect your guests and employees:
· The General Data Protection Regulation (GDPR) is working alongside the ePrivacy Directive (the cookie law).
· “The European ePrivacy Directive” is expected to become the new EU “ePrivacy Regulation” in 2021 and 2022.
· New regulations from Canada (DCIA), China (PIPL), Thailand and Brazil (LGPD) have been a fact since 2021.
· The regulations apply to all hotels, no matter what size. Our industry is sitting on very sensitive information, like credit cards and passport numbers, and as soon as you enter a website, countless pieces of information about you become available if the website is not protected.
· Data like health, origin, political affiliations and much more is considered private data and needs protection.
· If your hotel receives guests from the EU, you have to comply with the GDPR regulations, even when you are operating a small independent hotel in India, for example.
· You are obliged to make customers and employees aware of GDPR. You are carrying data that does not belong to you.
· You need to know the purpose of collecting data, and how long and why you can retain it. For example, collecting email addresses at check-in does NOT mean you are allowed to use them for email marketing later.
· You need consent, which starts when a customer enters your website. That goes not only for cookies, but even more so for the privacy regulations.
· Often within a website you get redirected to, for example, the spa or restaurant website that is part of the company. Since these are different websites, the same regulations need to be applied to them.
· Your guests have the right to have their data returned or deleted at any point.
· Education of staff is key; rooming lists, table plans and the like are a reason for big fines.
In my next article I will go deeper into steps to take to make sure that your property or company is compliant. However, you can always ask jeroen@secureprivacy.ai.
In the meantime, I urge you to invest small but smart in ensuring that your website(s) is fully compliant. Secure Privacy updates automatically to all compliance regulations, leaving you with a safe environment for your guests.
Book a demo now and quote the promo code HOTSEC22 for 10% off the first annual subscription.