At a recent Irish Hotels Federation industry briefing, Crowe partner Aiden Murphy gave an address on the practical implications and solutions of the General Data Protection Regulation (GDPR) for the hotel sector. The seminar was addressed by a panel of industry experts from different backgrounds including business planning, legal, technology and marketing. Below you can download a full summary and a 5-step guide to preparing your hotel for the new GDPR regulations.
Simone Kennedy, who works on our risk consulting team, also recently penned an article for the Hotel and Catering magazine that reviews the implications for the hotel and hospitality sector of GDPR.
GDPR and the hotel sector
When it comes to data security, there are few sectors as vulnerable to threats as the hotel industry. With the volume of processed personal and credit card information being handed over to hotels on a daily basis the hotel industry is currently one of the most vulnerable to data breaches (Verizon 2016 Data Breach Investigations). It is no surprise that the industry accounted for the second largest share of security breaches in 2016.
With the May 25 enforcement deadline for the GDPR looming closer, it is imperative that hotels upgrade their data protection processes, or they face the risk of severe financial penalties.
The penalties for not complying with GDPR are severe, at a financial cost of up to €20 million or 4 per cent of worldwide annual turnover (whichever is greater), not to mention the potential reputational cost to a business in the hospitality industry. However, these possible losses can be easily avoided if the hotel leaves enough time to efficiently adapt to the regulation.
The GDPR team at Crowe can help hoteliers and hospitality businesses devise and implement a plan to ensure compliance in advance of the May 25 deadline. If you would like to find out more about how we can help you contact Roseanna O’Hanlon or Simone Kennedy of our risk consulting team.