4Hoteliers
SEARCH
SHARE THIS PAGE
NEWSLETTERS
CONTACT US
SUBMIT CONTENT
ADVERTISING
GDPR in the EU and UK: 3 Steps for Complying with Employer Responsibilities
By Chris Mumford
Monday, 9th April 2018
 

GDPR: Four letters of the alphabet that are proving to represent one of the biggest challenges facing businesses in 2018; The General Data Protection Regulation (GDPR) comes into effect on 25th May across the European Union, including the UK, and impacts any organisation that operates within the EU that processes data of EU citizens wherever they may be in the world.

How organisations hold, store and process personal data will now be subject to higher and more consistent scrutiny - with potentially significant penalty for non-compliance.

AETHOS Consulting Group's London Managing Director Chris Mumford emphasizes that much attention is already given to how customer data is handled under GDPR, especially in the hospitality sector where hotels process a high volume of personal information and payment data.

"GDPR not only impacts how a business interacts with its external customers but also how it manages data internally with regard to its employees. In an industry such as hospitality where the labour force is so often highly diverse and comprised of multiple nationalities, most organisations will be affected by GDPR."

Mumford spoke exclusively to Adele Martins, Partner and head of the Employment Department at law firm Magrath Sheldrick LLP, who clarified that GDPR is considerably stricter in its requirements than the UK's Data Protection Act (DPA). Mumford and Martins highlight a number of key features hospitality employers should consider as they address compliance with the new regulations:

1/ What qualifies as 'sensitive data'?

People will regard information about their health or their sexual orientation as more confidential. Technically Sensitive Personal Data or Special Categories of Data include information about a person's race or ethnic origin, their health or sex life, their sexual orientation, political opinions, religious / philosophical beliefs, trade union membership and genetic and biometric data.

2/ How is employee consent defined and best obtained?

The GDPR makes it clear that consent must be freely given, specific, informed and unambiguous. It can no longer be implied from silence, pre-ticked boxes or inactivity.

3/ Regarding businesses which have external suppliers that are exposed to personal employee information (ie. payroll providers), where does GDPR compliance lie?

With all parties. The advice to controllers is to have appropriate agreements in place with providers to ensure that those providers (processors) are contractually obligated to process data appropriately.

4/ Would a hotel in New York which employs a French national in the kitchen be subject to GDPR?

So, a hotel in NY employing a French national is processing the personal data of an EU national but that EU national is not within the EU. Does that mean they are off the hook? No. The EU national is still likely to be protected by the GDPR - not least because they are bound to return to the EU at some point and the processing will not stop when they do.

5/ What are the sanctions for failing to comply?

The maximum sanction under the GDPR is a whopping Euro 20,000,000 or in the case of a corporate undertaking 4% of global annual turnover - so potentially much higher than the maximum Euro 20 million figure.

Mumford and Martins urge hospitality employers to immediately manage three critical steps to prepare for the GDPR compliance deadline:

  1. Dedicate data protection personnel internally and at a senior level;
  2. Appropriate security measures to ensure that personal data is properly stored, securely processed and retained only for as long as necessary;
  3. Clarify Privacy Notices to ensure that the individuals in question understand what data they are providing.

To read AETHOS' Chris Mumford's interview with Magrath Sheldrick's Adele Martins in its entirety, click here.

AETHOS Consulting Group is a global hospitality advisory firm serving the hotel, restaurant, casino, cruise line, club and travel technology sectors. We enhance value for our partner organizations via access, know-how and fresh thinking. Core competencies include executive search, compensation consulting, organizational development and psychometric assessments.

Through strategic joint-ventures, AETHOS also assists clients with logistics, supply chain management and insurance solutions. Structured as a single partnership, AETHOS operates from locations in North America, Europe and Asia Pacific. www.aethoscg.com

Online Marketing & Brand Awareness Opportunities ~ 4Hoteliers.com ...[Click for More]
 Latest News  (Click title to read article)




 Latest Articles  (Click title to read)




 Most Read Articles  (Click title to read)




~ Important Notice ~
Articles appearing on 4Hoteliers contain copyright material. They are meant for your personal use and may not be reproduced or redistributed. While 4Hoteliers makes every effort to ensure accuracy, we can not be held responsible for the content nor the views expressed, which may not necessarily be those of either the original author or 4Hoteliers or its agents.
© Copyright 4Hoteliers 2001-2021 ~ unless stated otherwise, all rights reserved.
You can read more about 4Hoteliers and our company here
Use of this web site is subject to our
terms & conditions of service and privacy policy