How to… survive the GDPR’s strict new data rules | Tierneys I.T. Solutions, Ennis | Hospitality POS | IT Maintenance & Support

Businesses should ready themselves now for a host of requests from guests asking how they are using their data, says Sarah Williamson 

Respect for guest privacy has always played a crucial part in the success of the hospitality industry, but in today’s hyper-connected world that includes protecting your guests’ precious personal data.

Innovations such as algorithm-led online review systems have already placed data centre stage in recent years, but the competing requirements of guest privacy set against the need to maintain long-term relationships  and secure repeat business will become even more complicated to navigate with the introduction of the EU’s General Data Protection Regulation (GDPR).

The GDPR, which is coming into force from 25 May 2018, aims to give new data rights  to individuals, principally by fundamentally altering the way businesses approach the  collection, storage and manipulation of data, and requiring companies to embed data  privacy into their processes and systems.

These requirements will create a compliance burden for any organisations processing personal data and will have major implications for hotels and the hospitality sector.

Failure to comply will be expensive, with fines of up to 4% of annual global turnover or €20m (£18m), whichever is the greater.

How should a business get its data ready for the General Data Protection Regulation?

Find the gaps
For companies unsure of  their preparations for GDPR,  a gap and risk analysis service is  a great first initiative. An analysis can evaluate current data protection procedures and compliance, and assess these against the requirements under GDPR in order to identify gaps. These audits can be crucial  in helping an organisation  identify the biggest threat in terms of financial and reputational risk.

Raise awareness  across all departments
The focus on fines may  have brought GDPR to the  board and marketing department’s attention, but everyone  within the business needs  to know how they should be  handling information and data access requests when they  come into the business.

Be ready for a  customer backlash
It is not only business awareness that needs to be  dealt with. Consumer rights  groups are likely to be campaigning to let the public know of the new rights and  of companies’ responsibilities.  The Information Commissioner’s Office is also expected to launch  a major PR offensive in early 2018, alerting consumers to their new rights as “data subjects”.

A flood of data subject requests is possible, be it access requests from current or former employees, or requests from customers wanting to see what information is held about them or to have it removed. To minimise any resulting disruption, you need to know where data is held and to have processes in place to quickly access, amend and remove it as necessary. You need to be ready  to respond to enquiries and  formal requests in a way that builds trust. And, conversely,  to ensure that distrust doesn’t lead to a haemorrhaging of  usable data from your business.

Improve your  data transparency
Businesses need to be  more prescriptive and detailed in how and why they manipulate data, and also in what data they capture. They will also need  to offer evidence of this.

For instance, at media giant  Sky, reporting and recording has already become more focused  in readiness for GDPR. The company is tagging data with time and date stamps as well  as attaching what are called “trackers and gatekeepers” on certain activities so that they can capture the evidence of a change in the way the data is used.

Prepare for another  ‘TripAdvisor effect’
Some businesses are  making a comparison between GDPR and the disruptive effect that price comparison sites or review sites such as TripAdvisor  and Amazon have had on the  travel and retail industries.

These innovations forced  a shift in the balance of power between marketing departments and customers when it came  to the way the brand was seen, defined and able to market and price its products. GDPR will force yet another shift in power from companies to consumers. Trying to stand in the way of this disruptive juggernaut is futile.

Instead, as they have  with TripAdvisor and the like, businesses must look for ways  to adapt and take advantage  of the new world of marketing, data and consumer control.

Source – The Caterer www.thecaterer.com – Sarah Williamson is a partner at Boyes Turner

Address

E-mail

Phone