Hotel Data Security: Understanding the importance of PCI and GDPR compliance (published 2018-01-08)

Hotel Data Security
Understanding the importance of PCI and GDPR compliance

Data security is becoming an increasingly important issue in today’s digital hotel. When it comes to data security, the hospitality industry has proven to be especially vulnerable to attack. A 2016 report by Trustwave revealed that the hospitality sector had the second largest share of data incidents by industry at 14%.

These increasing attacks are both a sign and a natural outcome of how much hotels have expanded connectivity and digital services for guests. Online bookings, mobile check-in services, public Wi-Fi and messaging apps all involve guests handing over personal details.

As such, hotels have a heightened responsibility to protect this information. In the digital age, safeguarding digital data means adhering to strict guidelines that fall under two categories: PCI (payment card industry) compliance and GDPR (protection of personally identifiable information) compliance. The two terms are often used together and in conjunction with each other, though each is a vast area of compliance in itself.


What is PCI compliance?

Every business that handles credit card information (including storing, processing, and transmitting cardholder data) must be PCI compliant.

To ensure credit card data remains as secure as possible, the PCI Data Security Standard (PCI DSS) offers a guideline built around 12 central security areas; these are identified as the minimum level of security measures organizations need to take. Ultimately, responsibility for any breach falls upon the hotel.

While smaller hotels might not have the luxury of a dedicated officer or department to deal with compliance, the majority of properties can still achieve PCI compliance by following a few simple measures.

What is GDPR compliance?

GDPR (General Data Protection Regulation) comes into force on May 25th, 2018 and relates to any form of information that could be used to reveal a specific person’s identity. This extensive list includes details such as a person’s name, email address, IP address, passport number or bank account number.

While PCI compliance only applies to protecting details relating to credit card data, GDPR covers a much bigger area. It is also one that you need to be especially aware of given the surge in guest data now being collected through sources such as online bookings, loyalty programs and social media profiling.

The risks of not adhering to compliance

Perhaps most significantly, non-compliance with data protection regulations can have a huge impact on brand reputation. If a data breach becomes public knowledge, it could shake customer trust and loyalty.

There are also potentially severe financial penalties to consider. For PCI non-compliance, the fines can run into the hundreds of thousands of dollars. In Europe, organizations that breach GDPR could face a fine of up to 4% of their annual global turnover or €20 million.

Beyond the financial implications, there are legal repercussions to consider. For instance, you are contractually obliged to comply with PCI. The risks of non-compliance include losing your right to accept credit card payments, which would prevent you from receiving online bookings.

A call to action: How to work with your tech vendors on hotel data security

Since most hotels outsource their technology systems, it can be easy to think that the responsibility for data protection passes to the tech vendor. But ultimately, it is the hotel that will be held responsible should something happen.

There are several steps a hotel can take to properly prepare for GDPR and PCI. Some may already be in place, but the list below provides a checklist of actions a hotel can take.

PCI-DSS

We are helping hoteliers to properly prepare for PCI. If you have any questions on this topic, please get in touch.


GDPR

We are helping hoteliers to properly prepare for GDPR. If you have any questions on this topic, please get in touch.


SmartHOTEL believes in a highly connected, safe and secure world of deeply integrated technologies combined with tailored service, so that hoteliers can focus on realizing the ultimate guest journey.
