• Customer Portal
  • Remote Support
Logo
  • Home
  • Services
    • IT Support and Maintenance
    • IT Hardware and Software
    • Microsoft 365 /Cloud Services
    • Pensieve Cyber Security
    • Wi-Fi
    • Data Protection
    • Hospitality POS
    • Project Management
  • Sectors
    • Hospitality
    • Small & Medium-Sized Enterprises
    • Non Profit Organisation
  • Support
    • Customer Portal
    • Remote Support
  • About
    • Testimonials
    • Contact Us
    • ISO Certification
    • Cyber Security
    • Cyber Essentials Certification
    • Environmental Statement
  • Careers
  • News
    • All News
    • Social Media News

How to… survive the GDPR’s strict new data rules

  • HOME
  • NEWS
  • How to… survive the GDPR’s strict new data rules

28th August, 2017

Businesses should ready themselves now for a host of requests from guests asking how they are using their data, says Sarah Williamson


Respect for guest privacy has always played a crucial part in the success of the hospitality industry, but in today’s hyper-connected world that includes protecting your guests’ precious personal data.

Innovations such as algorithm-led online review systems have already placed data centre stage in recent years, but the competing requirements of guest privacy set against the need to maintain long-term relationships 
and secure repeat business will become even more complicated to navigate with the introduction of the EU’s General Data Protection Regulation (GDPR).

The GDPR, which is coming into force from 25 May 2018, aims to give new data rights 
to individuals, principally by fundamentally altering the way businesses approach the 
collection, storage and manipulation of data, and requiring companies to embed data 
privacy into their processes and systems.

These requirements will create a compliance burden for any organisations processing personal data and will have major implications for hotels and the hospitality sector.

Failure to comply will be expensive, with fines of up to 4% of annual global turnover or €20m (£18m), whichever is the greater.


How should a business get its data ready for the General Data Protection Regulation?

Find the gaps
For companies unsure of 
their preparations for GDPR, 
a gap and risk analysis service is 
a great first initiative. An analysis can evaluate current data protection procedures and compliance, and assess these against the requirements under GDPR in order to identify gaps. These audits can be crucial 
in helping an organisation 
identify the biggest threat in terms of financial and reputational risk.

Raise awareness 
across all departments
The focus on fines may 
have brought GDPR to the 
board and marketing department’s attention, but everyone 
within the business needs 
to know how they should be 
handling information and data access requests when they 
come into the business.

Be ready for a 
customer backlash
It is not only business awareness that needs to be 
dealt with. Consumer rights 
groups are likely to be campaigning to let the public know of the new rights and 
of companies’ responsibilities. 
The Information Commissioner’s Office is also expected to launch 
a major PR offensive in early 2018, alerting consumers to their new rights as “data subjects”.

A flood of data subject requests is possible, be it access requests from current or former employees, or requests from customers wanting to see what information
is held about them or to have
it removed. To minimise any resulting disruption, you need to know where data is held and to have processes in place to quickly access, amend and remove it as necessary. You need to be ready 
to respond to enquiries and 
formal requests in a way that builds trust. And, conversely, 
to ensure that distrust doesn’t lead to a haemorrhaging of 
usable data from your business.

Improve your
 data transparency
Businesses need to be 
more prescriptive and detailed
in how and why they manipulate data, and also in what data they capture. They will also need 
to offer evidence of this.

For instance, at media giant 
Sky, reporting and recording has already become more focused 
in readiness for GDPR. The company is tagging data with
time and date stamps as well 
as attaching what are called “trackers and gatekeepers” on certain activities so that they can capture the evidence of a change in the way the data is used.

Prepare for another 
‘TripAdvisor effect’
Some businesses are 
making a comparison between GDPR and the disruptive effect that price comparison sites or review sites such as TripAdvisor 
and Amazon have had on the 
travel and retail industries.

These innovations forced 
a shift in the balance of power between marketing departments and customers when it came 
to the way the brand was seen, defined and able to market and price its products. GDPR will force yet another shift in power from companies to consumers. Trying to stand in the way of this disruptive juggernaut is futile.

Instead, as they have 
with TripAdvisor and the like, businesses must look for ways 
to adapt and take advantage 
of the new world of marketing, data and consumer control.

Source – The Caterer  www.thecaterer.com – Sarah Williamson is a partner at Boyes Turner

Tiernys IT
Address
Quin Road Business Park,
Ennis, Co. Clare,
Ireland, V95 TWC1

E-mail
[email protected]
Phone
IRE +353 65 682 8281
USA +1 202 977 2086
Copyright 2025 Terms & Conditions | Privacy Policy | Cookie Policy
Site by acton | web
<

ItemCustomer Portal

ItemFree Site Survey

ItemRemote Connection

Tierneys I.T. Solutions, Ennis | Hospitality POS | IT Maintenance & Support | Ireland
Manage Cookie Consent
We use cookies to optimise our website and our service.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
Preferences
{title} {title} {title}