EU’s new data-protection rules pose challenges

analytics

In October 2015, the business world was faced with a conundrum when the European Court of Justice ruled against the 15-year Safe Harbor principles, which were used as a framework for companies to transfer personally identifiable information within the European Union and to other countries, including the United States. In a business climate such as the hospitality industry’s that increasingly depends on customizing the customer experience to attract and keep loyal customers, many hospitality companies were at a loss on how to proceed with customer communications.

Moving forward one-and-a-half years later, the European Union announced in its stead the comprehensive General Data Protection Regulations with an implementation deadline of May 28, 2018. The detailed regulations set forth numerous data-management requirements, and the implementation will impact not only businesses in the EU, but any business that collects PII from an EU citizen. Noncompliance carries a tiered fine approach, with up to 4 percent of annual global turnover as the max. To manage this protection, entities must also appoint a data protection officer. This requirement is estimated to potentially open up 28,000 new positions.

I was confronted with the high-priority status of the GDPR at HFTP’s inaugural HITEC Amsterdam held in March 2017. Discussions were abuzz on how both the finance and technology departments would regroup data management and come to be compliant in just over a year’s time. Based on the discussion in Amsterdam, HFTP moved forward with a plan to form the Hospitality Data Protection Officer Task Force. The group of experts is tasked with developing hospitality-specific guidelines for compliance and developing a Hospitality DPO certification program. 

Virtual Event

Hotel Optimization Part 3 | January 27, 2021

With 2020 behind us and widespread vaccine distribution on the horizon, the second half of the new year is looking up, but for Q1 (and most likely well into Q2) we’re very much still in the thick of what has undeniably been the lowest point of the pandemic. What can you be doing now to power through and set yourself up for a prosperous 2021 and beyond? Join us at Part 3 of Hotel Optimization – A Virtual Event on January 27 from 10am – 1:05pm ET for expert panels focused on getting you back to profitability.


The task force is working to address the major challenges for the industry to achieve compliance, as well as the stakeholders involved. Based on their findings, they are developing guidelines to enable the industry to assess their specific needs to achieve compliance on time. The group is also working to define the specific features of a hospitality data protection officer job role; and resulting from this, propose a structure of an HFTP HDPO certification.

The EU is not the only region that is strengthening its cybersecurity laws, as China has also released new regulations. In a global business such as hospitality with guests coming from all regions, it is imperative we keep aware of data-protection regulations.