GDPR in Europe and what you need to know about it

eZee is GDPR-ready

Europe has taken a big step in data-protection and security measures with the General Data Protection Regulations (GDPR), in effect from 25th May, 2018. With an aim to protect information from physical and technical misuse; GDPR is built on the previous data protection rule that EU applied.

Applicable to all the businesses which gather, process and record personal information of citizens and residents of EU, this GDPR compliance will provide all kinds of businesses with a strong data security structure and ensure that the personal data of any user or client is protected against misuse and theft.

What was the previous scenario?

Uptil now, Europe was running on the 1995 Data Protection Derivative, which is replaced by the GDPR. The new GDPR requires businesses to implement a definite set of compliances to secure the data and go along the terms of an individual's privacy rights.

The hospitality industry, being the one to deal with personal data extensively will have to ensure transparent data processing. Similar to PCI DSS compliance which works to protect card and payment information, the GDPR is imposed for restricting the access of personal information to third parties.

So how can the hospitality industry embrace GDPR and its compliance?

With GDPR in effect, you must explain to your guest as to what data you are capturing (the nature of the data), explain why you are capturing that data (the purpose of the data) and who’ll be having access to that data, (the identity of the Data Controller) and who else will have access to this data.

Thus, your guest will completely understand what data you need and your intentions with the data. Furthermore, you’ll be able to use the guest information explicitly for the reason you mention; leaving no chances of data misuse.

That is, hotels and F&B businesses in EU as well as outside EU fall under GDPR and have to be completely compliant with the rules.

This means that hotels and restaurants have to be GDPR compliant through the software they use, thus safeguarding their guests’ data from potential exploits.

What’s eZee doing to be GDPR compliant?

Hotel technology providers have to adhere with the same rules and obligations that a hotel has to, for GDPR. Vendors who acquire personal data from their hotel clients must share a Data Processing Agreement (DPA) with the hotelier to confirm that the vendor is compliant with the rules of the GDPR.

Being a global hospitality solutions provider, we have implemented appropriate technical and organisational measures to meet the GDPR requirements.

Updating privacy policy & terms of use

Defining guest retention and data-protection policy

Safeguarding guest data with new initiatives

Updating data-security contracts with current clients in EU

Better control over access of the personal data

Data lapse setting

Encrypted data importing

Limited access to the data through user roles and privileges

Tracking guest consent from the system

In addition, we’ll also be deleting all the data associated with your contract upon its termination, along with the back-ups; with no delegation to any data processor without your written consent.

eZee’s hotel solutions are already PCI DSS compliant. Which means that our products are already keeping your guests’ data secure from any potential theft or misuse, making it easier for us to become GDPR ready.

GDPR-readiness @ eZee

What you need to do to align with GDPR rules?

Ensure that your staff understands GDPR and its weightage.
Inform your guests and ask their consent to record their personal data.
Let your guests be open to exercise their rights.
Keep a data protection officer.
Get your network and storage systems up-to-date.
Be aware on what can be termed as valid data.

You need to start preparing yourself to be GDPR ready. One step at a time to ensure absolutely safe-guarded data of your guests.