A recent report from Salesforce shows that customers have limited trust in how companies handle their data. 59% believe their personal information is vulnerable to a security breach, and 54% don’t believe that companies have their best interests in mind.
A glance at the headlines is enough to realize that data security and privacy continue to be of paramount importance to customers of hospitality businesses. Amid the pandemic, in countries like the UK, one key change in the guidance, alongside social distancing measures, is that hospitality businesses were asked to keep a temporary record of customers and visitors for 21 days in order to support the NHS Test and Trace service.
More recently, the UK’s data privacy watchdog fined the Marriott Hotels chain £18.4m for a major data breach that may have affected up to 339 million guests.
However, a majority of the players are not fully aware of how privacy regulations affect them or of all the ways in which they collect PII. Management and business owners must ask themselves some fundamental questions about applicable provisions like GDPR to make sure they are compliant:
Do they understand the key elements of applicable privacy regulation and its potential impact on their stored data?
What do they really know about their readiness for compliance with laws like GDPR?
Have they seen their company’s data privacy protection and compliance-readiness assessment?
How do they ensure they have all the information they need? Have they seen their company’s implementation action plan with specific recommendations, such as system adaptation or cyber-training programs?
Management simply can’t ignore these questions. Companies that fail to comply with laws like GDPR could face fines of up to 4% of global turnover or €20m, whichever is greater, in the case of a breach. Needless to say, the reputational and brand damage of such a breach can have major consequences for a business.