Advances in information exchanges, technology, and globalization are turning data into one of the most important assets for hoteliers but regulators across the world have never been more alert to this reality.
The hospitality industry and hotel chains around the world face a triple threat of greater scrutiny from the public and regulators, stringent data protection regulation and increasing threats like data breaches. It has never been more important to ensure that hotels are prepared, protected and compliant.
One of the most recent data breaches in the hotel industry was Choice Hotels after 700,000 customer records were compromised in August 2019. Choice Hotels said the breach was a result of a third-party vendor who copied the impacted data from Choice Hotels environment without authorization and moved it to its server.
There is no doubt that the European Union’s General Data Protection Regulation (GDPR) sets the highest standard in data protection in the world today. Not only by way of its substantive requirements but also because of its extraterritorial outreach which requires any hotel chain with European customers to comply with its demanding provisions.
But, lawmakers on every continent are rapidly catching up and comprehensive data protection regimes are cropping up across the Americas (California, Brazil) and Asia (Singapore, Thailand). This fast pace of regulation penetration worldwide, which most often includes a duty to notify data breaches, adds further complexity to the precarious cocktail of a business’s legal obligations and international operations.
Globally, regulations now require that hoteliers review their approach to direct marketing, their contractual position with suppliers, their intra-group and cross-border exchanges of data, their notices to customers and the security of IT their systems.
This call to action is underpinned by regulators who now have the power to impose fines proportionate to corporate group turnover that may mean millions if not even billions of euros, pounds or dollars in fines. In addition to the immediate financial impact, fines for privacy issues often eat away at consumer trust and overall brand reputation that can have a devastating effect on the share price.
Regardless of where your business is located, it's vital to find a data advisor who can advise how to collect, manage and share information in compliance with the ever-expanding body of international rules and regulations on data protection.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.