Privacy law compliance has never been a simple task for the hospitality sector, with its large datasets of customers from all over the world, international operations, and marketing and loyalty programs. Many hospitality companies have invested millions in compliance efforts already. And as some laws reach maturity and others around the world are on the cusp of coming into force, what must the sector prioritize and focus on now?
Keep an eye on the basics
While headlines scream out details of the latest multimillion-pound fines, it is important to keep the focus on day-to-day privacy compliance basics. Compliance issues may not result in the highest fines, but the most regularly enforced area (which goes to the heart of brand loyalty and customer database value) is non-compliance with basic direct marketing rules, and those rules have been around for decades.
Keep on top of security measures guidance
Many privacy laws impose vague obligations to have “adequate measures” in place to protect the security of personal data. The laws leave those in the hospitality sector unclear about what exactly is adequate and how far they should go. Accreditations such as Cyber Essentials or ISO 27001 can be useful at a general level, but it is important to keep an eye on guidance and recommendations as to what the regulators expect. New ransomware guidance from the UK’s Information Commissioner’s Office (ICO), and guidance on credential stuffing from the International Enforcement Co-operation Working Group, provide good examples, practical guidance and insight into how to achieve compliance if an incident has to be reported.
- Data security breaches remain the number one priority and concern.
- Nonetheless, direct marketing rules are still most regularly enforced.
- As privacy rules proliferate worldwide, flexibility and scalability are now essential.