What is GDPR?
The General Data Protection Regulation (GDPR) is a comprehensive new privacy law that gives residents of the European Union (EU) greater control over their “personal data”. This regulation will come into play on May 25th, 2018. We will be focusing on how this regulation affects the hospitality sector and what can be done in preparation for GDPR.
Why is the hospitality sector at risk when it comes to GDPR?
This may seem surprising, but the hospitality sector is at high risk of breaching the GDPR because of the amount of personally identifiable information (PII) it collects compared with other sectors. The hospitality sector collects up to three times more data than sectors like retail, for example, so a data breach could warrant more severe consequences.
Source: http://breachlevelindex.com/ (04/01/2018)
Since 2013, up to 9 million records have been compromised, and this is a figure that increases over time. Every second, 58 records are compromised; this may be due to not securing data properly or having the wrong processes in place.
Last year 9,569,173 records were breached in the hospitality sector alone, according to Gemalto Reports, with more data breaches being recorded each year. It's evident that cyber-attacks are on the rise and that the costs of a breach can affect your business significantly. Not only could it cost large companies up to £14 Million in brand damage, but with the introduction of the GDPR, businesses will also be fined up to €20 Million if they breach the terms of the GDPR.
On average, the hospitality sector takes twice as much PII data as other sectors; scans of passports and driving licenses are among the forms of identification that most other sectors do not require. The more data being collected, the higher the risk. Secondly, there is a high number of card payments and high staff rotation within this sector, making it more vulnerable to data breaches.
What Personal Identifiable Information (PII) does the hospitality industry record?
- Phone numbers
- Email Address
- Insurance Information
- Credit Card Details
- UK Driving License
Type of data compromised in the hospitality sector
The statistics below show what type of data is most likely to be compromised in the retail sector:
- 9% E-commerce
- 9% Proprietary Data
- 18% Financial Credentials
- 64% Credit card magnetic strip data
Whereas in the hospitality sector, the amount of PII data collected per transaction that relates to each customer is significantly higher.
For example: When checking into a hotel a single customer could be asked to provide:
- Passport information
- Photo Identification
- Full name
- Date of Birth
- Driving License
- Telephone numbers
- Reference details
- Card Details
7 Steps you need to consider on your GDPR Journey:
Below we have outlined 7 steps that businesses within the hospitality sector should consider when approaching GDPR compliance:
STEP 2: Be able to respond to data subjects’ rights and requests
STEP 3: Check how you obtain data and ensure it is up to date
STEP 4: Review your IT Security and Policies to protect against breaches
STEP 5: Review any data processing contacts, e.g. Mail Chimp
STEP 6: Appoint a person in charge of data compliance
STEP 7: Update HR documentation and how it is held
How do I get started on my GDPR Journey?
At TechQuarters we have a 3-staged approach.
Data Discovery – we help organisations explore their current data capture processes and show them new processes that will help them conform to GDPR. We will then implement tools and technology that search the network and endpoints for PII.
Present – PII data is reported upon and we help implement GDPR compliance training for your organisation.
Protect – TechQuarters will help create a secure environment against breaches with a variety of technology solutions, including Microsoft’s EMS.
Jonny Fox, Head of IT of Gaucho Restaurants said ‘TechQuarters GDPR services hit the spot, with advice on business and technical processes.’
For more information, be sure to attend the HOSTECH event 2018.
TechQuarters is also running a GDPR Technology Solutions Seminar at Microsoft London.