News
News —— 27.11.2018 —— 3 reading minutes

Hospitality is a Vulnerable Industry: A Closer Look at GDPR


Every time a new music format takes over the market, we lose 90% of the albums, singles, and demos previously recorded. From 8-track tapes to cassettes, from vinyl to CD, from MiniDisc to mp3, fifty years after its original recording, you can still stream Beatles’ Strawberry Fields Forever on Spotify, while 9 musicians out of 10 never survived this evolution.   Just like music, data moved from support to support over the years and, by now, chances are that the average hotel possesses Gigabytes of data all over external hard disks, USB sticks, servers, clouds or, even worse, paper. And, whether they like it or not, they will have to let a lot of these data go. For good.


WHERE’S THE BUG? GDPR SIMILARITIES AND DIFFERENCES WITH Y2K

In 1999, Y2K bug reshaped the technology industry. “The sheer scale of the problem, coupled with the fact that the entire world was up against a hard and inflexible deadline meant that organizations around the globe were forced innovate and change the way they conducted business in an unprecedented way”, wrote Roman Stanek, Founder and CEO at GoodData. What makes GDPR different from Y2K, however, is the fact that companies were way less prepared to face the imminent deadline than they were 18 years ago.

THE NUANCES OF GDPR

Another huge difference is that, unlike Y2K, the GDPR is subject to human interpretation, and lawyers are known to have a hard time when dealing with new laws, mainly because of the lack of precedents. If the regulation is an attempt to increase data protection and security, in fact, the definition of personal data itself is remarkably broad. And with the risk of huge fines, human interpretation is no bueno.  It is true that, for too long, hotels kept a pirate approach with data, but would you risk up to 4% of your annual gross revenue because of legislative nuances? First of all, what are exactly personal data? Unlike sensitive data (information about race, political views, religion, sexual orientation, etc.), personal data are simply the ones that indicate a specific individual. The main problem is that they are not limited to the person’s name. In fact, address, date of birth, email address (both personal and professional), phone number, IP address, and cookies are all considered personal. You’ve probably already read extensively about the topic, maybe joined a few webinars or even consulted with your lawyer, so you have a good understanding of what GDPR implies: you need your guests consent in order to use their data, this consent needs to be explicit and unambiguous and, more important, guests can ask you to delete all the data you have about them.

A VULNERABLE INDUSTRY?

Even though interesting, this is just theory.  “When it comes to data, the hotel industry is very vulnerable”, Marion Roger, Senior Vice President Operations at Upflex, once said. According to Verizon Data Breach Investigations Report, for example, hotels account for 92% of all POS breaches. Guests book online, join loyalty programs and share a ridiculously high amount of personal data while traveling, and GDPR will not only affect the way hotels interact with their guests, but it will force them to review their company policies and procedures tout court.

HOW WE CAN HELP?

Now, more than ever, hoteliers must make sure that guests data are well protected. That does not simply mean knowing which PMS user has access to what kind of data, but it also means protecting the actual storage where data are.  With on-site systems, hotels must suddenly deal with questions such as: “is the server room with the secured (locked)?” or “Who has got physical access to the server?” or “ Is the server on the same network as the public hotel wifi?”. 
With cloud-based system, on the other hand, these IT problems are completely outsourced. All the local IT challenges, simply, disappear. HotelTimeSolutions, with its native cloud-based, secure system, is your ally in this new challenge. We have dedicated staff and technology to protect your guests’ information. We understand that data belong to the customers and that we are here to take care of it, and we built HotelTime Solutions with this approach in mind way before GDPR was even introduced.

Get in touch today to know how we can help you secure your data in our cutting-edge property management system!