GDPR is now in effect! Non-compliance is unacceptable around the world, not just in the EU. Hoteliers who haven’t done so already need to get with the program and become compliant or risk very heavy fines, which may just cost them their business. For those who are confused or not sure which items they need to be concerned with, Lodging Magazine’s Kate Hughes outlines four steps that will help start the process.
Ciske van Oosten, senior manager of the global intelligence division at Verizon’s security assurance consulting practice, and John Barchie, senior fellow at Arrakis Consulting, offer the following tips for hoteliers looking to ensure their properties are GDPR-compliant.
Create a program.
“This applies to any program—hotels need to simplify the compliance workload by standardizing their processes, technology, policies, procedures, and communication,” van Oosten explains. “We’ve worked with hundreds of hotels on compliance programs, and the ones that are most successful are the ones that have a plan and create a concrete program with standardized processes and procedures.”
Consult with experts.
“Finding legal counsel is probably the best place to start,” Barchie says. “That person will hire consultants to help understand what actually needs to happen from an operational standpoint. And there are legal specialists in the United States who specialize in GDPR. These people can also help you rewrite any consent forms with the appropriate
Reach out to stakeholders.
“Set up an internal contract with stakeholders that specifies the purpose of the GDPR program. This gives hoteliers a formal and enforceable commitment of active participation in, and adherence to, the compliance program,” van Oosten says.
“Regardless of where they are, hoteliers must be compliant by May 25,” van Oosten stresses. “They need to understand the impact it’s going to have on their business and be prepared to make the necessary adjustments. There is no ‘do nothing’ option here.”