Its Lolly and Institute of Hospitality uncover alarming findings in relation to the impact of upcoming legislation
According to a survey(1) conducted by Its Lolly, the EPoS and payment solution specialist and The Institute of Hospitality (IOH), one third (33 per cent) of the hospitality sector is still unaware of the upcoming GDPR legislation.
General Data Protection (GDPR) is a regulation intended to strengthen and unify data protection for all individuals within the European Union (EU). It aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment (2).
The survey also uncovered that nearly three quarters (73 per cent) of those surveyed wouldn't know what to do if customers requested details of the data being held about them. And half (50 per cent) of respondents said they were not aware of how their methods of personal data processing will be impacted under the new regulations.
Alarmingly, 40 per cent of respondents are unsure as to whether their operational data is safely backed up. However, on a more encouraging note, more than half (57 per cent) of hospitality providers are confident in the systems they have in place.
Peter Moore, CEO of Its Lolly, said: "A number of the findings uncovered in the survey are alarming given organisations of every size are going to be affected by the GDPR legislation. This will include small hospitality providers with fewer in-house legal and IT resources.
"GDPR is only around the corner. It is time to take action and get to grips with your data - before it becomes too late. The fines are high, up to 20000000 EUR or up to four per cent of the annual worldwide turnover of the preceding financial year in case of an enterprise, whichever is greater(3)."
Peter Ducker, chief executive at the Institute of Hospitality, added: "Getting ready for GDPR is a good opportunity for operators to spring-clean their databases. You will be surprised by how much data you hold – about customers, employees and suppliers - that is old, out-of-date or of no benefit to the business at all. That's the first step. Then it's an opportunity to get in touch with your customers and forge a new and more meaningful relationship with them."
In order to get ready for GDPR, companies must:
- Review the types of personal data currently held on file (paper, audio or digital formats);
- Identify lawful grounds for collecting the data;
- Identify how the data can be kept correct and up-to-date;
- Identify redundant or erroneous data to cull, and
- Make a plan as to how ALL of this data is going to be kept secure.
(1) The survey opened on 3rd October 2017, 120 hospitality sector respondents