The way in which personal data is stored and processed is changing, and if you do not comply with new legislation due to be launched in 2018, there could be serious consequences for your business.
The General Data Protection Regulation (GDPR) will be introduced on 25th May 2018 to protect the personal data of EU citizens. Designed to harmonise data privacy laws across Europe, GDPR replaces the Data Protection Directive 95/46/EC.
Widely reported to be the most important change in data privacy regulation in 20 years, GDPR will significantly affect the way in which businesses collect, process and use personal data.
With only seven months to go until GDPR enforcement, it is essential that you are prepared.
This new law will change the way businesses approach data privacy, as well as protecting individuals. GDPR will almost certainly have a huge impact on the hospitality sector, as restaurants, hotels, coffee shops, guest houses and leisure clubs must all comply with the new regulation.
The collection and processing of personal data is indeed a fundamental characteristic of the hospitality sector. It is therefore crucial that organisations in this industry comply with the new data protection law, particularly as hefty fines will be issued for breaches of the new legislation.
And bear in mind… your guests and customers will have increased rights, including the right to know what personal data is being stored. They will also have to consent to this data being processed.
So… what can you do to ensure that your business meets the required standard? Here are a few suggestions:
- Keep privacy policies, procedures and documentation up to date. Carefully document and manage what personal data you hold and how it is shared.
- Appoint a Data Protection Officer – particularly if your company has more than 250 employees
- Store all personal data securely. Individuals have increased rights, and you must check your procedures for storing, processing and deleting personal data
- Always ensure that customers consent to direct marketing and always provide an opportunity to opt-out
- Make sure that you have the correct procedures in place to deal with a personal data breach – including how it would be detected, reported and investigated
GDPR will improve the existing rights of individuals with regard to personal data. Businesses will be accountable for their use of personal data and must be ready with an effective data governance programme in place.
Food Alert’s thoughts on how GDPR will affect the hospitality sector:
Paul Holden, Chief Operating Officer:
“How an organisation manages its employees’ and clients’ personal data has been an often difficult to understand requirement for a long while. The introduction of GDPR 2018 is a welcome set of regulations as it helps organisations to ensure they are not falling foul of the legal duties.”