Hotel Data Security
An introduction to PCI and GDPR, and the importance of compliance.
In today’s digital hospitality landscape, data security is becoming more and more important. The number of online (distribution) channels that provide data to hotels is growing each day, and that data ranges from guest data like address and credit card details to travel and profile information provided via Channel Managers and Booking sites. Because so much personal information is clustered together, the hospitality industry is especially vulnerable to attack. Trustwave published a 2016 article showing that the hospitality sector had the second largest share of data incidents by industry, at 14%.
This increase can be attributed to the many vendors that are connected to today’s hotel facilities. The booking channels and online distribution providers are not the only ones that can be held accountable for it: internal facilities like the hotel’s Wi-Fi network are also risk factors, since they distribute a large amount of guest and hotel data.
Because of these increasing risks, distribution vendors need to uphold strict security regulations. It is your job not only to find the right vendor based on their unique offer and fit with your hotel, but also to check whether they are PCI and GDPR compliant. Your guests expect that you are following the same security rules. They might not be acquainted with terms like PCI and/or GDPR, but they are aware of hacking risks and are not always willing to provide all their personal information. As such, hotels have a heightened responsibility to protect this information at all costs. This means that your hotel needs to safeguard digital data by adhering to the strict guidelines outlined by PCI (Payment Card Industry) and GDPR (General Data Protection Regulation).