Hotel Data Security
An introduction to PCI and GDPR, and the importance of compliance.
In today’s digital hospitality landscape, data security is becoming more and more important. The number of online (distribution) channels that feed data to hotels is growing every day, from guest data such as addresses and credit card details to travel and profile information supplied via Channel Managers and booking sites. Because so much personal information is concentrated in one place, the hospitality industry is an especially attractive target. Trustwave published a 2016 article showing that the hospitality sector had the second largest share of data incidents by industry, at 14%.
This increase reflects the many vendors that are connected to today’s hotel facilities. The booking channels and online distribution providers are not the only parties responsible: internal facilities like the hotel’s Wi-Fi network are also risk factors through which large amounts of guest and hotel data flow.
Because of these increasing risks, distribution vendors need to uphold strict security regulations. It is your job not only to find the right vendor based on their offer and fit with your hotel, but also to verify that they are PCI and GDPR compliant. Your guests expect that you follow the same security rules. They may not be familiar with terms like PCI or GDPR, but they are aware of hacking risks and are not always willing to provide all their personal information. As such, hotels have a heightened responsibility to protect this information at all costs. This means your hotel needs to safeguard digital data by adhering to the strict guidelines set out by PCI (Payment Card Industry) and GDPR (General Data Protection Regulation) compliance.
An introduction to PCI compliance
Payment Card Industry Data Security Standard (PCI-DSS) is an international security regulation, developed in cooperation with credit card companies to regulate the security of storing, processing and transmitting transaction and personal details.
To ensure credit card data remains as secure as possible, the PCI Data Security Standard (PCI-DSS) offers a guideline with 12 central security areas. It consists of steps that mirror security best practices. The hotel will be held accountable if any breaches occur.
With a few steps, you can check whether you meet some of the requirements for becoming PCI-DSS compliant. We do suggest getting in touch with a specialized firm to help you with your hotel security.
What is GDPR compliance?
From 25 May 2018, the GDPR (General Data Protection Regulation) will apply in the European Union. This regulation was adopted on 27 April 2016 to extend and strengthen the rights of all EU citizens and residents concerning the collection, storage and processing of their personal data by companies and organizations. Personal data covers an extensive list of details such as a person’s name, passport number, bank account number, email address, IP address, etc. Considering that your property is linked to multiple sources that handle guest data, like (online) travel agencies, distribution systems and loyalty programs integrated with your PMS and/or CRS, GDPR is something you need to be especially aware of.
With a few steps, you can check whether you meet some of the requirements for becoming GDPR compliant. We do suggest getting in touch with a specialized firm to help you with your hotel security.
Results of not meeting the security standards
Imagine a data security breach that exposes guest information and credit card details. Besides heavy financial penalties, the hotel suffers huge losses in brand reputation. If you are connected to a franchise chain, the consequences could be especially severe.
If you accept credit card payments, you are legally obliged to comply with PCI. If you fail to meet these obligations, you can lose your right to accept credit card payments. The consequences of that are self-explanatory in today’s online payment landscape.
Prepare your Hotel Data Security PCI GDPR
Your first thought while reading this article might be: “Am I not already covered by my technology and distribution providers?” Although the same regulations apply to your business partners, you might overlook several points of internal data storage. In the end, it is the hotel that holds full responsibility for protecting its guests’ data. We have prepared a step-by-step program to help you properly prepare for PCI & GDPR compliance.
PCI-DSS
To ensure credit card data remains as secure as possible, the PCI Data Security Standard (PCI DSS) offers a guideline with 12 central security areas. It consists of steps that mirror security best practices. The hotel will be held accountable if any breaches occur.
With a few steps, you can check whether you meet some of the requirements for becoming PCI-DSS compliant. We do suggest getting in touch with a specialized firm to help you with your hotel security.
Download our security certificates:
GDPR
GDPR is in place to strengthen the rights of all EU citizens and residents concerning the collection, storage and processing of their personal data by companies and organizations. Personal data covers an extensive list of details such as a person’s name, passport number, bank account number, email address, IP address, etc. Considering that your property is linked to multiple sources that handle guest data, like (online) travel agencies, distribution systems and loyalty programs that might be integrated with your PMS and/or CRS, GDPR is something you need to be especially aware of.
With a few steps, you can check whether you meet some of the requirements for becoming GDPR compliant. We do suggest getting in touch with a specialized firm to help you with your hotel security.