GDPR Compliance Deadline Has Come and Gone; What Does It Mean for Hotels?
July 24, 2018 10:46am
Beekeeper Chief Data Officer Dr. Amir Ameri answers hoteliers’ frequently-asked questions to better navigate GDPR next steps
SAN FRANCISCO, CA July 24, 2018
The European General Data Protection Regulation (GDPR) compliance deadline has passed, and it now requires every hotel in the world to have guidelines in place that protect European Union (EU) residents’ personally identifiable information against security breaches. While a lot has been discussed to help hoteliers become compliant, many are wondering “what comes next?” Dr. Amir Ameri, Data Protection Officer for Beekeeper, a GDPR-compliant developer of a digital workplace app hailed as the “Most Innovative Technology” for 2018 and the “People’s Choice” by actual users and buyers, is providing answers to some of hoteliers’ most frequently asked questions.
Q: How quickly will regulators levy major fines if a hotel or hospitality-related business is not GDPR compliant?
A: Before a fine is levied, an offence must be established. This may be due to an incident impacting personal data of an employee or a guest or a defined regulatory audit. Hence, establishing an offence in this matter would require evidencing several criteria, performing audits, assessing the knowledge of the offender to the offence, i.e. establishing intent and the level of due diligence the offender had met. Taking all factors into consideration, previous court rulings in the EU have taken time to give a ruling in data protection and privacy matters. Article 83 states: "In any event, the fines imposed shall be effective, proportionate and dissuasive." This will be case dependent and influenced by the legal proceedings in the jurisdiction in question as defined by the regulatory body.
Q: Will the GDPR regulation help or hinder future innovation?
A: In my opinion, not only will GDPR regulation significantly help future innovation, but it will also establish an absolute maximum of the necessary level of "trust" required to have a flourishing use of any future innovation.
Q: Will the GDPR regulation help or hinder my hotel’s global marketing efforts?
A: Understanding that establishing "trust" is the cornerstone of any successful marketing effort, there is nothing better than upholding a basic “undeclared human right” in any company's effort to commercialize their product. Adapting to new processes and marketing efforts will be necessary, but it's also addressing an important need in the minds of most consumers.
Q: What do hotels need to do to maintain their opt-in-subscriptions? What will this mean to customer loyalty and bottom line revenues for the future?
A: It is helpful if businesses/hotels recognize that personal data is not a free commodity and there is an ownership title associated with the personal data to the data subject. Safeguarding this is all GDPR requires. Incentives, or any form of compensatory measures of interest to the data subject, may result in maintaining a higher customer loyalty. It is important to note, however, that customer loyalty and bottom line revenues were only impacted for businesses/hotels with a model to use a "free commodity = personal data" to generate income. As we all know, in a free economy, this itself is considered an unfair distribution of resources and a disadvantage for a healthy economy and it is not tolerated in many countries.
Q: What happens if there is a third-party breach? For example, a hotel uses WhatsApp to stay connected to their employees. What happens to that hotel if WhatsApp is not compliant? Is it liable for the breach or is WhatsApp solely responsible?
A: One of the points that GDPR addresses clearly is the responsibility of each party in the processing life cycle. In this respect, although GDPR has a "pass through" approach, it is the responsibility of the controller to be transparent towards the data subject and manage such risks with the processors and the involved third parties. For example, having a data processing agreement in place between the involved entities, performing risk assessments and taking other risk mitigating measures are the norm in managing this type of risk. In the example stated, since the hotel is considered as the controller, certainly the hotel will be audited to establish whether it had performed its due diligence towards managing this risk or not. The basic assumption is that the data subject was informed and consented in the first place to allow WhatsApp to have possession of their personal data. If not, clearly the hotel will be held liable in a first instance.
Q: Understanding that GDPR is not a one-off compliance effort (like the rush to fix the Y2K Millennium Bug) and continuous changes will need to be made, is there a grace period on updates? Will there be a global schedule specifying when updates need to be made? How does a company know if it’s up-to-date with all the recent regulations?
A: GDPR is the law and became enforceable on May 25th, 2018. The grace period for meeting GDPR requirements started in April 2016, with a 2-year period allowed for compliance. Although it has happened in the past that regulators have "extended" enforceability timelines, to date, I am not aware of any extension periods for the start of enforcement of GDPR.
Beekeeper is a digital workplace app where operational systems and communication channels live within one secure, intuitive platform. Beekeeper connects desk and non-desk employees across locations and departments in real time via mobile or desktop and includes an intelligent dashboard to help companies improve internal communication and streamline business processes.
The company is based in Zurich and San Francisco and supports users in more than 137 countries. For more information, visit www.beekeeper.io
Contact: Austin Sandmeyer
Contact: Barb Worcester, PRPRO