
Hotels Must Get GDPR-Ready, Too



It's no secret that the hospitality industry remains one of the most vulnerable to data threats; joining the roster of infamy is the latest Intercontinental Hotel breach.

Why is it that, among data breaches, those involving hotels hit particularly close to home? Because they affect any guest who hands their payment card details over to an entity they consider to be trustworthy.

Wouldn't you think that this industry would take the utmost precautions to ensure that such data is not exposed? While hotels are very aware of the risks, a large number still haven't seen the light and have not taken measures to become PCI compliant. Cyber thieves know this, and act accordingly.

With the GDPR set to become effective within a year and a half, the industry needs to make an assessment and act accordingly. This set of regulations, applicable to any organization worldwide handling EU citizen data, has been developed to ensure the protection of people's private data: both personally identifiable information (PII) and payment card data.

What does it take to become GDPR ready? Those who are already PCI compliant have a shorter path to adherence to GDPR imperatives, which include:

  • defining guidelines for collecting and managing PII, and instituting internal processing that details the reasons for processing personal data and the duration for keeping this information.
  • keeping records to prove how data is protected.
  • finding out where the data is.
  • determining how this data should be handled.
  • ensuring IT systems are set up and updated for maximum data protection.

You can read more about the basic requirements for GDPR compliance in this ITProPortal article. 

8 Feb 2017