The accommodation industry is being increasingly targeted by acts of cybercrime.
Brendan Granger from AccomNews writes that in November 2018, Marriott announced that the data of up to 500 million guests had been hacked over a four-year period. Just recently, researchers uncovered a massive data breach that could have serious implications for hotel chains around the globe.
Why are hotels being targeted?
One reason is they store and process incredibly high volumes of guest information and credit card details. To safeguard this data, hotels need to invest in robust digital security that complies with the new General Data Protection Regulation (GDPR).
What is GDPR?
In May 2018, the European Union’s General Data Protection Regulation came into force. The regulation is designed to provide EU citizens with increased online privacy and give them more control of their own data. It does not just apply to hotels based in the EU: hotels around the world are subject to it. It affects any hotel that handles or processes the personal data of EU residents, regardless of where the hotel is located.
The penalties for non-compliance are severe. In addition to operational setbacks and damage to a hotel’s reputation, the maximum fine per violation is either 4% of a company’s annual global revenue or 20 million Euros (whichever figure is greater).
What else do hotels need to know?
Under GDPR guidelines, hotels are almost always classed as the “Data Controller” because they “control” the data. This means that, as a hotelier, it’s your responsibility to ensure any third parties you work with are GDPR-compliant. This point is key.
But in the post-GDPR world, the hotel is responsible for checking that the vendor it uses follows the latest regulations.
What can your hotel do to protect guest data?
As already outlined, the GDPR places full responsibility for a data breach on the hotel, not the vendor or technology supplier. And of course, when a data breach happens, it’s not the vendor’s name that makes the headlines. It’s the hotel’s.
This means that protecting guest data goes way beyond GDPR compliance. Your entire brand reputation is at stake. But more than that, protecting personal data is essential to earn your customers’ trust.
In an age when fears over personal data leaks are greater than ever before, your guests need to be reassured that their privacy is your priority.
With that in mind, Brendan suggests 6 key recommendations to tighten up your hotel’s own digital security:
- Conduct a risk assessment
- Review your security
- Conduct staff training
- Make sure your vendor is GDPR compliant
- Conduct regular security audits