Are you ready for GDPR? We can help!
As you may be aware, the EU has enhanced the current laws relating to data protection, and the General Data Protection Regulations (GDPR) will come into full effect in UK law from the 25th May 2018.
The law is applicable to all businesses which maintain and process data relating to EU citizens. As the data controller of your customers’ data, you have a duty of care to ensure that you have safeguards in place so that your customers’ data is fully protected.
What do you need to do?
The present data regulations are stringent. GDPR has expanded on this by giving individuals greater control over how their data is used, including enhanced rules about the right to be forgotten and around consent. You need to have the systems in place to ensure that you can easily respond to data requests from your clients.
Going forward you need to be transparent when dealing with your customers’ data:
- Explain what data is being collected
- Why you are capturing it
- Who will have access to it (the data controller)
- Who else will have access to it?
When you are dealing with substantial volumes of personal data you need to have the mechanisms to ensure that you are GDPR compliant and can capture consent – we can help.
What happens if you don’t comply?
It is easy to fall into the trap of thinking you will be able to continue using the same, relatively benign, data collection and processing practices that are in place today. Don’t fall into the trap. Under GDPR, silence is not the same as consent – it is simply not enough to harvest data without consent or without having conducted a suitable identification of a legitimate interest for holding historical data. Processes also need to be put into place to prevent data breaches and the sharing of data with third-party organisations.
The consequences of non-compliance:
- Fines of up to €20 million or 4% of global turnover.
- Compensation claims for damages suffered.
- Reputational damage and loss of consumer trust.
What is NFS doing to help their clients become GDPR compliant?
As a data processor, we are undertaking a number of measures from a best practice, operational and technical perspective to ensure that our clients are going to be compliant with the new regulations. We are enhancing our hotel technology and meeting room technology to ensure that our clients are fully prepared for the new legislation.
These measures include:
- Best practice webinars featuring marketing industry experts
- White papers and eBooks packed with actionable advice
- Revised client facing
- Utilities to help you painlessly purge and cleanse data
- New features to record
What we are doing to enhance our hotel technology
For our hotel clients we are enhancing our hotel PMS software to ensure that they are fully compliant with the new legislation and that sensitive guest data is fully encrypted.
These new enhancements include:
- Tokenisation of guest credit card data
- A dedicated “GDPR Options” button
- Options to create a default mailing preference for “do not mail”
- Procedure to set existing guest profiles to “do not mail” and set a date range
- Ability to purge all personal guest data from guest profiles and guest history
- Database encryption
What we are doing to enhance our meetings technology
For our clients in the venue and corporate space, we are delivering a number of additions to the software. These enable the easy purging and cleansing of data, minimise risk thanks to rock-solid security, and provide a range of tools to ensure consent.
These new enhancements include:
- Purging of historic and inactive data
- Anonymisation of data
- Removal of client contacts and associated data
- Enhanced password features
- Windows authentication
- Ability to record consent data