The General Data Protection Regulation (GDPR) rewrites the current laws on the management and security of personal data of European citizens. The new law will come into effect from the 25th May 2018 and it will impact all businesses that store or process customer data in any way. As the collection and processing of personal data is a fundamental characteristic of the hospitality sector, restaurants and hotels must all comply with the new regulation.
Here are 5 tips you can follow to prepare your business for the arrival of GDPR.
Review your current way of working
Make sure you are aware of how data is currently added to your system, where it’s stored and who has access to it. Consider whether the data is classed as “personal data” – for example, data within Centegra’s Stock Management Solution is not considered to be personal as it doesn’t identify a natural person. Centegra’s Loyalty Programme solution, however, does save personal details, which is why the right processes and procedures will be needed within your business. It’s important that you carefully document and manage personal data; it’s a way of showing your customers that you care about their privacy.
Work with an expert
You are obliged to follow the correct procedures when a personal data breach occurs. To be sure you’ve got the right plan set up, you might want to work with an expert. It’s always a good idea to work together with a knowledgeable cybersecurity firm or consultant to make sure your company is ready for any problem crossing your path.
Make it everyone’s job
Do your employees know what’s going on? Well, you might want to make sure that they do. Every member of staff should understand the new regulation and be able to contribute to it. Although it’s not a legal obligation for small companies to employ a specific Data Protection Officer, you may need to add this to an existing employee’s job role, to make sure everyone’s on the same page.
In the hospitality sector there is nothing more important than trust. Make sure your guests and customers have given consent to direct marketing and always provide an
opportunity to opt-out. They have the right to consent to their data being processed and to know what personal data is stored, and to request for it to be deleted. So get in touch now, and show them you’re a responsible and forward-looking business.
Don’t forget your helping hands
Personal data relating to your staff counts too. Make sure personal information like names, contact details and personnel records of employees are well protected. Inform your current and previous staff of the data you hold on them and tell them about their rights.
Even though the GDPR seems daunting at first, it can definitely be used as a positive way to build a trustworthy relationship with your customers. So make sure your company is prepared and if you haven’t implemented any changes yet, start now! Every single business has the potential to be impacted by the GDPR, but as long as you keep moving, you will succeed in the new digital world tomorrow #innovationthatcounts