EU’s new data-protection rules pose challenges

In October 2015, the business world was faced with a conundrum when the European Court of Justice ruled against the 15-year-old Safe Harbor principles, which were used as a framework for companies to transfer personally identifiable information within the European Union and to other countries, including the United States. In a business climate such as the hospitality industry’s, which increasingly depends on customizing the customer experience to attract and keep loyal customers, many hospitality companies were at a loss as to how to proceed with customer communications.

One-and-a-half years later, the European Union announced in its stead the comprehensive General Data Protection Regulations (GDPR), with an implementation deadline of May 28, 2018. The detailed regulations set forth numerous data-management requirements, and the implementation will impact not only businesses in the EU, but any business that collects personally identifiable information (PII) from an EU citizen. Noncompliance carries tiered fines, up to a maximum of 4 percent of annual global turnover. To manage this protection, entities must also appoint a data protection officer. This requirement is estimated to open up 28,000 new positions.

I was confronted with the high-priority status of the GDPR at HFTP’s inaugural HITEC Amsterdam held in March 2017. Discussions were abuzz on how both the finance and technology departments would regroup data management and become compliant in just over a year’s time. Based on the discussion in Amsterdam, HFTP moved forward with a plan to form the Hospitality Data Protection Officer Task Force. The group of experts is tasked with developing hospitality-specific guidelines for compliance and developing a Hospitality DPO certification program.

The task force is working to address the major challenges for the industry to achieve compliance, as well as the stakeholders involved. Based on its findings, it is developing guidelines to enable the industry to assess its specific needs to achieve compliance on time. The group is also working to define the specific features of a hospitality data protection officer job role and, resulting from this, to propose a structure for an HFTP HDPO certification.

The EU is not the only region that is strengthening its cybersecurity laws, as China has also released new regulations. In a global business such as hospitality, with guests coming from all regions, it is imperative that we stay aware of data-protection regulations.