Ciske van Oosten, senior manager of the global intelligence division at Verizon’s security assurance consulting practice, and John Barchie, senior fellow at Arrakis Consulting, offer the following tips for hoteliers looking to ensure their properties are GDPR-compliant.
Create a program.
“This applies to any program—hotels need to simplify the compliance workload by standardizing their processes, technology, policies, procedures, and communication,” van Oosten explains. “We’ve worked with hundreds of hotels on compliance programs, and the ones that are most successful are the ones that have a plan and create a concrete program with standardized processes and procedures.”
Consult with experts.
“Finding legal counsel is probably the best place to start,” Barchie says. “That person will hire consultants to help understand what actually needs to happen from an operational standpoint. And there are legal specialists in the United States who specialize in GDPR. These people can also help you rewrite any consent forms with the appropriate
Reach out to stakeholders.
“Set up an internal contract with stakeholders that specifies the purpose of the GDPR program. This gives hoteliers a formal and enforceable commitment of active participation in, and adherence to, the compliance program,” van Oosten says.
“Regardless of where they are, hoteliers must be compliant by May 25,” van Oosten stresses. “They need to understand the impact it’s going to have on their business and be prepared to make the necessary adjustments. There is no ‘do nothing’ option here.”