GDPR (General Data Protection Regulation) represents the EU’s data regulation law. It controls how personal information can be used and secured. The right to privacy is part of the European Convention on Human Rights.
- Personal data – any information that relates to an individual, such as names, email addresses, phone numbers, location information, ethnicity, gender, biometric data, etc.
- Data processing – any action performed on data, whether automated or manual. The examples cited in the text include collecting, recording, organizing, structuring, storing, using, and erasing data.
How do hotels protect data?
The hotel industry is particularly vulnerable to data threats, due to the multiple points of payment, email, online booking systems, and documents containing card data. A very high volume of payment card transactions occurs daily, and guest information can often be stored long-term. Typically, a hotel database will hold guest names, addresses, dates of birth, credit card details, passport details, and so on. This is a lot of sensitive data that could be used fraudulently. Couple this with information received from multiple sources, such as point-of-sale systems, third-party bookings, emails, own website inquiries, and walk-ins, and hoteliers are an easy target for cybercriminals. GDPR is a game changer because the hotel industry now needs to identify where data is kept and ensure that it is protected.
Hotel staff must be aware of how to collect, access, use, and disclose personal information, as well as how to restrict access to cardholder data. Employees must also be advised on how to create strong passwords and how to properly dispose of documents containing payment card data.
Most local Montenegrin hotel companies still haven’t implemented simple steps that would positively affect data protection:
- Scanning documents (vs. copying passports and keeping them on paper). Passport scanners also securely capture proof of ID without weighing down the customer experience.
- Shrinking all credit card details and keeping them encrypted in Property Management Software for up to 6 months, accessible only to managers.
- Protection of credit card details – pay-by-link systems and payment portals as an integral part of the website, where data is securely stored with the bank.
Hotel Link Pay is the highest global standard. Hoteliers no longer have to store written copies of card details and this reduces the risk of fraud. Hotel Link Pay also verifies cards at the time when they are stored/charged and verifies fraudulent cards.
To conclude, data protection is a crucial process of safeguarding important information from corruption, compromise, or loss. By incorporating this process, hotels build their reputation as safe, trustworthy, and conscientious market players.