Caribbean hoteliers are being advised to ensure European Union (EU) General Data Protection Regulation (GDPR) compliance.
During a recent webinar hosted by the Caribbean Hotel and Tourism Association (CHTA), Brian Kent, chief executive officer and co-founder of Flip.to, explained that the GDPR imposes a strict set of requirements on how and why companies collect and use personal data. CHTA emphasizes that sound data privacy protection practices are essential for every business regardless of GDPR.
“Companies now have to provide the right to individuals to know what data a company has about you,” he disclosed. “It also is requiring ... that a company that’s handling your data is doing it in a really secure way as well as being really good stewards of it.”
Kent said the regulation does not restrict companies from using data, but ensures that personal information is protected and that individuals have rights related to their personal information.
GDPR protects the privacy not only of EU citizens worldwide but also of anyone who is party to a transaction while in the EU. Failure to comply with the new regulation can result in financial penalties ranging from €10 million, or two percent of annual revenue, up to €20 million, or four percent of annual revenue.
Given the growing concerns about corporate security breaches and mishandling of personal information, many organizations are taking a new look at their existing policies for handling and protecting information in their client databases.
The hospitality industry is particularly vulnerable to data breaches, said Frank Comito, director general and CEO of CHTA. From reservations and payment processing to rewards programs and guest services, hotels and other businesses have multiple touch points with customers during which customer data is exchanged, he explained.
“We are taking the education of our members seriously regarding the new regulations on protecting personal data,” said Comito. “We are also actively encouraging them to become knowledgeable about the tools, systems and practices they can employ to protect data and be good stewards of personal information.”
According to Kent, hoteliers may not be able to continue using their marketing databases if they are not GDPR compliant. He explained they must be able to deliver data to anyone who asks for his or her personal data. “If they ask to remove themselves from your databases and your partners’ databases, you have to be able to go back to them and give them an answer saying ‘yes, we’re doing that’ and a time frame of when that’s going to happen.”
In the long term, Kent said companies will need to shift their thinking and have more personal conversations that serve the needs of travelers. “That’s also a really good thing because if you’re doing that, it’s not just about getting into compliance with GDPR, it’s forcing you to become a better marketer. It also means you’re building and nurturing relationships.”
The new regulation, which comes into effect on May 25, 2018, will be a hot topic at the upcoming Caribbean Hospitality Industry Exchange Forum (CHIEF), happening at the Hyatt Regency Miami from June 22 to 24, and will be tackled during one of the Professional Development Sessions at the conference.
CHTA believes that new practices offer an invaluable benefit to guests and the businesses themselves as it will allow them to continue to provide outstanding customer service, while also ensuring the security, privacy and safety of guests.