GDPR dictates how a company may use its clients’ personal data, and it applies to all people who live in the European Union (EU) — regardless of where their data is processed. This means that hotels in the United States serving European guests must start adhering to the regulation, or else face steep fines — up to 4 percent of annual global turnover or €20 million (whichever is greater).
With so much on the line, it is imperative that U.S. hoteliers acquaint themselves with GDPR and prepare to meet its requirements. “Any hotel that has international aspirations is going to be affected, as will any hotel brand with a global presence,” comments John Barchie, a senior fellow at Arrakis Consulting, a San Tan Valley, an Ariz.-based security company. “They’re going to be expected to protect their EU citizens’ data,” he adds.
The crux of GDPR is consent, says Ciske van Oosten, senior manager of the global intelligence division at Verizon’s security assurance consulting practice.