Time is ticking for hotels as GDPR deadline approaches
By Editor | On Thu, December 14, 2017
The General Data Protection Regulations (GDPR) coming into force in May 2018 are a major overhaul of EU data protection law. These regulations give new rights to individuals and place an enhanced compliance burden on organisations that process personal data.
The GDPR will have major implications for the hotel industry given the volume of personal data and credit card information processed by hotels.
Hotels need to upgrade their data protection processes as failure to comply could be very expensive – with potential fines of up to 4% of annual global turnover or 20 million Euros, whichever is the greater
The legislation brings in a large number of changes and the level of effort involved in preparing for GDPR compliance is significant. Hotels must not only comply with the requirements of the legislation but must also be able to demonstrate and provide evidence of that compliance.
Bookassist - Your partner in GDPR compliance
Hotels accepting credit card payments must already be compliant with the Payment Card Industry Data Security Standard (PCI DSS).
Bookassist, as a key data processor for hotel customers, is PCI DSS certified and has been PCI DSS compliant for many years. Bookassist was one of the first in the online bookings business to be compliant.
Bookassist is working now with GDPR legal experts to review all data processing activities. Before May 2018, Bookassist will be fully ready with the necessary changes to policies, procedures and contracts to ensure that the company is GDPR compliant in how hotel customers’ personal data is handled.
Bookassist will provide a new “Data Protection Agreement” that will describe Bookassist’s responsibilities as Data Processor for the hotel’s customer data.
For further information on GDPR and the additional steps your hotel must take to be compliant, visit: gdprandyou.ie