Possibly, but only if you do this first!
The Covid-19 pandemic has caused a dramatic change in the adoption of technology as hoteliers seek to give themselves every possible advantage in recovery.
Changes to the “technology stack” which might previously have taken years are now being achieved in months. Yet whilst making changes in the use of technology in your hotel, when that technology involves personal data you need to make sure you’re doing it right.
Do you know what your hotel technology actually does?
Know your data processors
Hotels use lots of data processors. You regularly use specialist services to provide the technology and skills you can’t keep up with yourself. And why not? You’re good at running a hospitality business, you don’t need to know how to manage an email server.
Which means instead you use services provided by vendors of property management systems, websites, commercial email, channel managers, payment card processors, office software and so on. All the tools you need, without knowing how they actually work.
The outsourcers dilemma
Which is the first thing you need to be aware of. You don’t know how these things work, so you employ the services of a specialist as a “data processor”. Yet the Data Protection Act/GDPR makes you responsible as the Data Controller for what each data processor does. You see, the processors are deemed to be working under your written instructions. In reality, those instructions are usually provided by the processor vendor in the first place. All you do is sign up to their agreements. When you do, you’re signing up to have the buck stop squarely on your desk. Which means you need to be very careful what you sign. Our own experience in these matters reveals that not all vendors will place your best interests first.
Manage those vendors
To stay on top of the services provided to you by your chosen data processors, you need a robust vendor management system in place. You need to keep them honest and you need to make sure they are always working in your best interests, helping you to uphold the rights and freedoms of your data subjects.
If you’re not doing that today, you’d better start soon. The good news is you can outsource this to a specialist who can keep you in control without you having to deal with all the hassles yourself.