• HFTP Report: Hospitality Data Security — Strategy for Data Protection and Regulation Compliance

    This guide from Hospitality Financial and Technology Professionals (HFTP(R)) covers safeguards that can be implemented in hospitality businesses today, tips on how to continuously improve security and data regulation compliance.

  • HFTP GDPR Guidelines: Privacy Policies for Hotels

    This document offers points to consider in the development of a hotel’s privacy policy. In view of the multiple organisational and legal structures under which hotels operate, as well as the complexity of the third party landscape that may be part of the complete guest experience, this document serves as a guideline only.

  • HFTP GDPR Guidelines: Hospitality Guest Registration Cards

    This document offers recommendations for guest information collection on the guest registration card along with consent for use. It can be used as a guideline for loyalty cards, health data, export of data outside of the EU, privacy policies and direct marketing.

  • HFTP GDPR Guidelines: Hospitality Organization Flow Charts

    This document is a set of flow charts illustrating data flow scenarios, involved parties providing hospitality services, steps of the guest journey and more. Four scenarios are presented: independent hotel, independent hotel with third party agreement, branded hotel and branded hotel with independent control.

commercial

Top Concerns Hotels Need to Know About the GDPR and How to Prepare Your Action Plan

HEBS Digital ·9h
By now you've probably heard of the General Data Protection Regulation (GDPR) and should have started considering the effects of this regulation on your hotel website, data strategy, and hotel digital marketing. With the GDPR just around the corner, we've put together an overview that includes an explanation of the GDPR, the top misconceptions, and the most important considerations that will need to be implemented on your hotel website and included in your digital strategy.What is the GDPR?The GDPR is a regulation in EU law on data protection and privacy for all individuals within the European Union and regulates how companies manage, use, and share personal data. The GDPR will take effect on May 25, 2018. The GDPR applies to natural persons, whatever their nationality or place of residence, whose personal data is processed and whose behavior is monitored while within the EU. This change in legislation means that nearly every online service is affected, and the regulation has already resulted in significant changes for US users as companies begin to adapt.The foundation of the GDPR builds on rules set by earlier EU privacy measures like the Privacy Shield and Data Protection Directive, and expands on these privacy measures in two critical ways. The definition of and requirements around personal data have been expanded. First, the GDPR defines personal data as any information that can be used to identify directly or indirectly a data subject, such as an online identifier like an IP address. The GDPR sets a higher standard for collecting personal data than ever before. By default, any time a company obtains personal data on an EU resident, it will need a legal basis for collecting that data, such as explicit and informed consent from that person. Even more importantly, users also need a way to revoke that consent, and they can request all the data a company has collected on them as a way to verify that consent. These strong regulations explicitly extends to companies based outside the EU. The penalties are more severe. The GDPR's penalties are severe and have two tiers of fines. The maximum fines per violation are set at up to four percent of a company's annual global revenue or 20 million Euros, whichever is larger. The lower level fines are up to two percent of a company's annual global revenue or 10 million Euros, whichever is larger. These penalties far exceed fines allowed by the Data Protection Directive, and it signals how serious the EU is taking data privacy.Get to know the facts. Avoid misconceptions regarding the GDPR: The GDPR affects hotels across the globe: The GDPR applies to all properties that target EU residents as customers no matter where they are located. This means that the GDPR affects all hotels in the US and locations around the world, not just Europe. Hotels are liable for the GDPR: Regardless of your partners or solutions provider, the hotel (who according to the GDPR would be considered the data controller) is ultimately responsible for using tools that are in compliance with the GDPR. One price point for all of the EU: Commonly overlooked regarding the GDPR, it's important to note that hotels cannot use profiling to set prices based on an EU visitor's location.How does the GDPR apply to your hotel's online data policy?The GDPR affects your hotel's data policy regarding EU website visitors in six main ways: Getting consent: Visitors to your website must understand exactly how you are planning on using their data, and the legal basis for why you are collecting the data. Unambiguous and affirmative consent is a key part of GDPR legislation and it is important for any hotel website that collects personal data to obtain specific permission to use it in the course of their business. If you are requesting consent from the customer, the user must agree to each specific purpose. That means if you have someone's email address who booked with your hotel, you are only allowed to market to them if they have explicitly agreed to this. Similarly, privacy notices may require rewriting to be in line with the GDPR rules. Privacy Policies and Terms of Service must be simple to understand and free of jargon (a good rule of thumb here is that a 16-year-old should be able to understand the Terms of Service). Accessing data: A main component of the GDPR is being fully aware of who has access to personal data that is logged and stored on your hotel website's content management system or database. The first step is to understand exactly who has access to this data and compile a list. Next, examine the list and ask whether all of these people require access to this data. If the answer is no, permission should be revoked and measures must be implemented to control future access.There must also be a robust process in place for deleting data that is no longer relevant or required, as companies are not allowed to hold on to this for any longer than is absolutely necessary. Data accountability: Regardless of your solutions provider, hotels are ultimately responsible for using tools in compliance with the GDPR. In light of this, hotels should audit any external agencies they use that might have access to their data to ensure that their procedures are compliant. As the data owner (controller) you are ultimately responsible for this, even if you have outsourced elements of the process, so keep a record of measures you have taken to ensure all partners are acting in line with the GDPR regulations. All of your partners should be able to clearly explain what measures they have taken to maintain maximum security of the data you provide. Data accuracy: All personal data must be accurate and kept up-to-date. Every reasonable step must be taken to ensure that personal data is correct in regard to the purposes for which data is processed, and that personal data is erased or rectified without delay if inaccurate. Data minimization: Websites should collect only the minimum amount of customer data to do the job, as well as adhere to the "storage limitation principle" which mandates that personal data must be stored for no longer than is required and that individuals must be informed about the planned use of personal data. Data portability and the "Right to be Forgotten": All website users have the right to receive their personal data that was previously collected in a readable format, as well as own the "Right to be Forgotten" which grants consumers the ability to easily have all of their data deleted from the hotel database.How can your hotel prepare for the GDPR?The GDPR affects your hotel website, data strategy, digital marketing, and online merchandising. Below are the top ways you can prepare for GDPR:Preparing Your Hotel WebsiteIt's important to ensure that all web forms and website cookie usage are in line with the GDPR. Your website's Privacy Policy and Terms and Conditions should also reflect the GDPR to ensure that everything is in compliance. Update your Privacy Policy and Terms and Conditions. First and foremost, your hotel website's Privacy Policy and Terms and Conditions should be updated to reference GDPR rules and regulations. In particular, you will need to be transparent with what you will do with personal information once you've collected it, and how long you will retain this information on your website and in any other databases. Ensure your website is secure. Your hotel website should have an SSL (Secure Sockets Layer) Certificate to ensure that all data processing through the website is secure. If your website has an SSL Certificate, the domain will begin with "https," rather than "http." SSL Certificates secure all of your data as it is passed from your browser to the website's server. Ensure cookie consent. Website visitors from the EU must provide consent for your hotel website to enable cookies that are used to identify an individual. Like all other consent under the GDPR, consenting to cookies needs to be a clear affirmative action. Hotel websites should present clear terms of service regarding cookie usage with an opt-in box. Do not include pre-ticked boxes on the consent form, as this is against the GDPR regulations. It is important to note that the hotel website should not constrict users to accept cookies in exchange for information, and the hotel must also have a legal basis under the GDPR to use an EU visitor's IP address to personalize content or identify a user's device. Ensure the ability for people to opt out or erase their personal data. The GDPR clearly states that a data subject should be able to withdraw consent as easily as they gave it under the "Right to be Forgotten" clause. Controllers must inform data subjects of the right to withdraw before consent is given. Update email opt-in to default to "No" and include specific check boxes for every opt-in. Forms that invite users to subscribe to newsletters or indicate contact preferences must default to "no" or be an un-checked opt-in box. You should also ensure that users provide consent for all ways your hotel will be utilizing their data. For instance, if a user is opting in for email newsletters, this does not mean they are opting in for that email to be used for look-a-like audience marketing. Ultimately, hotels must set up a specific checkbox or form of consent for each separate use of guests' data. And finally, to ensure that you are in complete GDPR compliance, it's important to implement a double opt-in process. All web forms must clearly identify named parties. Your web forms must clearly identify each party for which the consent is being granted. It is important to note it isn't enough to say specifically defined categories of third-party organizations, they must be named in full. For example, your consent form cannot simply say third-party ad networks, it needs to specifically name the ad networks where ads will appear.Preparing Your Data StrategyOnce you've collected user data from EU residents or anyone living within the EU, it's important to follow key protocols regarding the use and removal of this data. It is also extremely important that everyone covered by the GDPR has an easy way to access and download any of their personal data collected. Here are some key considerations regarding your data strategy: Provide EU visitors with easy access to download personal data. Your hotel website should provide a request form where EU website visitors can request personal data. Do not keep data for longer than required. While the GDPR does not state a specified timeframe that limits data storage, it's a good idea to scrub customer data once or twice a year to ensure that all data is accurate and up-to-date. Any inaccurate or incomplete information should be deleted and the hotel is responsible for clearly stating how long the information will be stored within the privacy policy. Allow easy consent opt-out to address the "Right to be Forgotten" and grant EU website visitors the ability to delete their personal data. Your data strategy must allow for website visitors who previously consented to any use of their personal data to easily opt out or "erase" their data, as well as update their opt-in preferences. This user experience should be just as seamless as opting in and be easy to navigate on the hotel website.Preparing Your Marketing StrategyThe GDPR impacts your email marketing strategy, display remarketing strategy, and any display that utilizes owned customer data for targeting. Make it clear which third-party vendors will be utilizing EU customers' personal data. When prompting users to opt in to cookie consent or to access their customer profile data for marketing purposes, be sure to clearly list the name of the ad networks and third parties that will be utilizing these cookies and accessing this data for retargeting and building look-a-like audiences. Ensure that all third parties and ad networks are in compliance with GDPR. Have your marketing agency or internal marketing department reach out to any third-party vendors or ad networks to ensure that they are GDPR compliant and have taken appropriate measures. Only use data for the intent in which the EU user opted in. When an EU user grants permission to use cookies or opt in to an email marketing list, only use the data for the marketing for which the user opted in. This means if the user only opted in for remarketing, you cannot use the data to build look-a-like audience targeting. Or, if an EU user opted in to a monthly email newsletter, the user's email address should not be used for other marketing purposes. Overall, it's not only important to familiarize yourself and your hotel staff with the GDPR, it's important to ensure that all of your bases are covered. To be ready for what's next on the official launch of the GDPR on May 25, 2018, check out additional resources on The UK Information Commissioner's Office and review your policies with a data privacy consultant and your legal team.
commercial

Top Concerns Hotels Need to Know About the GDPR and How to Prepare Your Action Plan

Max Starkov | The HeBS blog·19 April 2018
By now you’ve probably heard of the General Data Protection Regulation (GDPR) and should have started considering the effects of this regulation on your hotel website, data strategy, and hotel digital marketing. With the GDPR just around the corner, we’ve put together an overview that includes an explanation of the GDPR, the top misconceptions, and the most important considerations that will need to be implemented on your hotel website and included in your digital strategy
commercial

Facebook to put 1.5 billion users out of reach of GDPR

hotelmarketing.com·19 April 2018
Facebook is keen to reduce its exposure to GDPR, which allows European regulators to fine companies for collecting or using personal data without users’ consent. Facebook members outside the United States and Canada, whether they know it or not, are currently governed by terms of service agreed with the company’s international headquarters in Ireland.
commercial

GDPR: a checklist for hotels

eHotelier.com·18 April 2018
Hospitality is full of acronyms. ADR, PMS, GOPPAR, MICE… the list seems endless. But at the moment, there are few more important than GDPR. With the compliance deadline from May 25, 2018, it’s now under 40 days until GDPR, or the General Data Protection Regulation, comes into force. And though it’s a European Union law, its likely that hotels around the world will be touched by it.

Hospitality Experts Gather for HFTP's Second European HITEC

HFTP ·16 April 2018
In its second year, Hospitality Financial and Technology Professionals (HFTP) European HITEC was held last week where top industry experts exchanged knowledge geared toward shaping the future of hospitality globally. Discussions were held on the hottest topics in the industry - artificial intelligence, voice recognition, data science, robotics, customer journey and the EU GDPR. Over 100 companies displayed the latest in available hospitality technology products available around the globe.Kicking-off the event was HFTP's Entrepreneur 20X (E20X) where 11 entrepreneurs presented their innovative technology to a panel of expert judges. Startup KITRO was awarded the Judge's Choice grand prize award of EUR2,500. Following the competition, participants were available to meet with delegates in the Innovation Lab. Delegates had an opportunity to select their favorite innovative technology, which differed from the E20X Judges Award. For the second time, the favorite technology of delegates at a HITEC event went to Arrivedo.Another highlight of the conference might well have been the largest gathering ever of European hospitality CIO and CFOs. The invitation only event, sponsored by Fourteen IP Communications, provided the c-level audience an opportunity to address current day problems and speculate about the future. The sometimes spirited discussion offered insight into what the near future trends might be, and what the roles of industry professionals will be in the future. The stellar educational program ended with Frits van Paasschen, best-selling author and former CEO of Starwood Hotels and Resorts, providing unique perspective on trends shaping the global economy.The partner of the conference - the exhibitions - was not as stellar or up to HFTP standards. "Producing hospitality events for more than four decades, and being a nonprofit organization, HFTP sets higher standards regarding the quality and overall experience of our stakeholders than other conferences and exhibitions," said HFTP CEO Frank Wolfe. "We work passionately on behalf of the industry year-round to provide the best possible tools and experiences for all of our participants - including our exhibiting companies. A positive exhibitor experience was not the case at this event."The first sign of trouble exhibitors experienced was set-up preparations, which overflowed into actual opening exhibit hours. During the event, exhibitors experienced internet problems and the traffic inside the exhibition hall was clearly disappointing.Although buyers registered for the event, checked in on site and were available on the event app, the numbers inside the exhibitions were not what we expected. So, in recognition of the energy and time HFTP supporters spent preparing for the event, ALL exhibiting companies were offered a partial refund of their stand reservation fees. "HFTP continues to expand and evolve for the industry and its promise is to do our best to make the quality of the experience positive," Wolfe said. "In spite of the troubles, HITEC Amsterdam already has really good support from the exhibitions side and has sold almost 50 percent of the available stands for 2019."HFTP remaining events for 2018 include HITEC Houston - HFTP's largest event of the year - from June 18-21 at the George R. Brown Convention Center in Houston, Texas USA. HFTP Annual Convention will October 24-26 at the Omni Louisville Hotel in Louisville, Kentucky USA. HITEC Dubai will take place December 5-6 at the Madinat Jumeirah in Dubai, UAE. For more information about HFTP's international events, visit www.hftp.org and www.hitec.org or contact the HFTP Meetings & Special Events Department at education@hftp.org.About HITECHospitality Industry Technology Exposition & Conference (HITEC) is the world's largest and oldest hospitality technology exposition and conference brand. HITEC offers a unique combination of top-notch education, and brings together the brightest minds and hottest technologies from across the globe to one place. The unparalleled event offers attendees essential education, access to top hospitality technology industry experts and the resources to find cost-effective ways to improve company bottom lines. Combined with the intimate opportunities to connect with fellow professionals, HITEC has everything to enhance your career. Historically hosted annually in a different city throughout the United States, HFTP decided to break tradition in 2017 by hosting three HITEC events all taking place outside of U.S. borders- in Toronto, Amsterdam and Dubai. This was the first time the global association's largest HITEC event - featuring thousands of hospitality professionals from around the world -took place outside of the United States. For more information about HITEC, visit www.hitec.org. Follow HITEC on social media: Facebook (@HITECconference); LinkedIn; Twitter (@HFTP); Instagram (@HFTP_HITEC). Find updates on the HFTP News page, and exhibitor news on the HITEC Bytes site. HITEC event photos are available on Flickr, and HFTP event videos are available on YouTube.About HFTPHospitality Financial and Technology Professionals (HFTP), established in 1952, is a hospitality nonprofit association headquartered in Austin, Texas USA with offices in Hong Kong, United Kingdom, The Netherlands and Dubai. HFTP is recognized as the spokes group for the finance and technology segments of the hospitality industry with an international network of members and stakeholders. HFTP uniquely understands the industry's pressing issues, and assists its stakeholders in finding solutions to their challenges more efficiently than any organization. HFTP offers expert networks, educational resources, career development programs, research, leadership opportunities and conferences and events. HFTP produces international events throughout the year, including the world's largest hospitality technology tradeshow and conference brand: HITEC. The association also owns the world's only hospitality-specific search engine: PineappleSearch.com. For more information about HFTP, visit www.hftp.org.For the latest news, visit the HFTP News page at news.hftp.org and the HFTP Connect blog at blog.hftp.org. Follow HFTP on social media: Facebook (@HFTPGlobal); LinkedIn; Twitter (@HFTP); Instagram (@HFTP_HITEC). Stay tuned to HFTP's industry-specific, informational news sites: HFTP News, HITEC Bytes, HFTP Club Bytes, HFTP Finance Bytes and HFTP GDPR Bytes. HFTP event photos are available on Flickr, and HFTP event videos are available on YouTube.
commercial

GDPR: A primer for everyone in travel

Flip.to Blog·16 April 2018
GDPR. It’s a regulation that, in just over a month, will have a huge impact for marketers everywhere. While building compliance into our platform, we’ve gotten a ton of questions as to why it’s important, and how we’re handling the shift. To help, we’re raising awareness industry-wide with a primer on how it affects all of us in travel.

GDPR: Steps for Complying with Employer Responsibilities

Lodging Magazine·16 April 2018
GDPR—four letters of the alphabet that are proving to represent one of the biggest challenges facing businesses in 2018. The General Data Protection Regulation (GDPR) comes into effect on May 25 across the European Union and impacts any organization that operates within the EU and processes the data of EU citizens wherever they may be in the world. How organizations hold, store, and process personal data will now be subject to higher and more consistent scrutiny—with the potential of a significant penalty for non-compliance.

Legal experts outline challenges for hotel industry

hotelnewsnow.com Featured Articles·16 April 2018
Sexual harassment, exploitation and GDPR compliance took center stage during the first day of the Hospitality Law Conference, where legal and hotel industry experts addressed the current state of these issues and what hoteliers can do to address them. Speakers at this year’s Hospitality Law Conference shed light on a number of pressing legal issues facing the hotel industry, explaining where the industry stands now and what actions hoteliers can take. Sexual harassmentThough the number of workplace sexual harassment claims made to the U.S. Equal Employment Opportunity Commission has not increased so far in 2018, said Andria Ryan, partner at Fisher Phillips, insurance companies are reporting an increasing number of demand letters from their clients. It’s likely there will be more claims coming through, she said during her presentation “Harassment in the hospitality Industry—how to avoid being the next #MeToo.”
commercial

Beekeeper Ranks No. 59 on SaaS 1000

Beekeeper ·12 April 2018
SAN FRANCISCO, CA -- Beekeeper, a digital workforce platform recently awarded the most innovative technology of 2018, has ranked No. 59 on theSaaS 1000, a prestigious index of Software as a Service (SaaS) companies algorithmically ranked by a number of growth indicators such as hiring trends and team expansion rates. As the SaaS product landscape continues to expand, lists like the SaaS 1000 are incredibly useful tools for SaaS pros to evaluate the groundbreaking trends that will shape our industry for years to come."The Beekeeper team's international impact on frontline workforce internal communications is an indicator of their continued growth," said Tom Blue, founder of SaaS 1000. "We are excited to see them climb the ranks of SaaS 1000 and to see what the company has in store for the future."Beekeeper is a rapidly growing startup designed to solve critical technological problems throughout industries with high concentrations of non-desk workers. The team experienced a 27.71% growth over the past six months alone, with 100 employees working across the Beekeeper offices in San Francisco, Zurich, London, and Berlin. Throughout 2018, the company is projected to double in size worldwide. A 4.9 rating on Glassdoor signifies that the organization is deeply committed to building a strong company culture than enables its employees to flourish."We are honored to be included on the SaaS 1000 list and look forward to growing our team with strategic hires to execute our vision of uniting and engaging frontline and corporate employees on one streamlined platform," said Beekeeper CEO Cristian Grossmann. "We are proud of the strategic additions we have made to our team, including our recently appointed Head of Hospitality Andrada Paraschiv, Global Head of Hospitality Sales Connie Rheams, and a number of talented software engineers. These hires have contributed to the Beekeeper family doubling down on some exciting product expansions that have helped our clients ramp-up operational and communication efforts. As we aspire to continue climbing the SaaS 1000 list, we're excited to continue welcoming talented members to our team to help the Beekeeper platform and culture grow."Beekeeper is an award-winning, GDPR compliant, digital workplace app that digitizes hospitality workers by connecting operational systems and communication channels within one secure, intuitive platform. Keeping employees connected to the organization at large, as well as to each other, the company aims to digitize the 83% of employees worldwide who do not sit behind a desk. The app brings together colleagues across locations and departments in real time via mobile or desktop devices by allowing top-down, bottom-up, and peer-to-peer communication to give every employee a voice.With Beekeeper, secure, automated, and relevant information is readily distributed, searchable, and measurable in one central hub for an efficient digitized workflow. The platform includes an intelligent dashboard to help companies gauge the effectiveness of their internal communications to streamline business processes. The mobile and web app easily integrate with existing operational systems, so employees have all the tools they need at their fingertips. The custom branded interface and advanced front and backend features create an interactive employee experience proven to strengthen engagement, retention, productivity, and the bottom line.Beekeeper supports users in more than 130 countries. Clients include Marriott, InterContinental, and Hilton.

Marketing to European travelers? Take these steps on personal data

hotelmarketing.com·12 April 2018
The European Union's new General Data Protection Regulation (GDPR) makes you legally accountable for what happens to the personal data that you receive. This article includes some clear steps on what to do to comply. The definition of "personal data" covers just about every piece of client information that a travel agency or other travel business gets: "'Personal data' means any information relating to an identified or identifiable natural person ... an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person."

HFTP Announces Dates and Location for Second Annual HITEC Dubai

HFTP ·11 April 2018
Building on the expertise of planning and producing the world's largest hospitality technology show, Hospitality Financial and Technology Professionals (HFTP), producers of Hospitality Industry Technology Exposition and Conference (HITEC), will host HITEC Dubai 2018 from December 5-6, 2018 at the Madinat Jumeirah in Dubai, UAE. Produced in partnership with Naseba, HFTP's HITEC Dubai will serve as the association's third and final HITEC of 2018.The event is a Middle Eastern counterpart to the tremendously successful annual HITEC which brings together thousands of individuals from the hospitality technology community to a different city in North America each year. Since Dubai is one of the world's leading international business centers and regional hubs with a booming hospitality industry, HFTP has expand its recognized HITEC to the region. HFTP recently opened a Dubai Research Center, which serves as an office space and research center, located in the Dubai World Trade Centre. HFTP has employed two graduate students from The Emirates Academy of Hospitality Management to conduct regional research, benefitting the association and its international scale of events and resources."Last year's inaugural HITEC Dubai event featured 600+ hospitality stakeholders, 40+ solution and service providers and 30+ industry expert speakers," said HFTP CEO Frank Wolfe. "The demand for HITEC Dubai 2018 was such a great success that the event outgrew its initial venue. HFTP is excited to expand its educational resources and expert networks across The Middle East."The partnership between HFTP and Naseba for HITEC Dubai combines both organizations' vast experience in the sector to build the ultimate hospitality technology platform in the GCC region. Naseba brings additional, local expertise to the event whereas HFTP has appointed a HITEC Dubai Advisory Council to assist with the education program.Planning for HITEC Dubai has begun, and will reflect practices and trends specific to The Middle East. Top regional experts will be diligently selected to volunteer their industry expertise on the HITEC Dubai Advisory Council and provide guidance for the event's education program. Reservations for exhibit space at HITEC Dubai are now being taken. HITEC Dubai also offers multiple sponsorship and advertising opportunities for exhibitors to increase impressions before and after the show. For more information, contact HFTP Director of Exhibits Paula Lerash, CEM at Paula.Lerash@hftp.org.In addition to HITEC Dubai, HFTP is currently hosting HITEC Amsterdam from April 11-13 at the RAI Convention Centre in Amsterdam. The larger HITEC Houston is from June 18-21 at the George R. Brown Convention Center in Houston, Texas USA. For more information about HITEC and HFTP's other international activities, contact the HFTP Meetings & Special Events Department at education@hftp.org or visit www.hftp.org and www.hftp.org/hitec. Click here to watch a video from HITEC Dubai 2017.About HITECHospitality Industry Technology Exposition & Conference (HITEC) is the world's largest and oldest hospitality technology exposition and conference brand. HITEC offers a unique combination of top-notch education, and brings together the brightest minds and hottest technologies from across the globe to one place. The unparalleled event offers attendees essential education, access to top hospitality technology industry experts and the resources to find cost-effective ways to improve company bottom lines. Combined with the intimate opportunities to connect with fellow professionals, HITEC has everything to enhance your career.Historically hosted annually in a different city throughout the United States, HFTP decided to break tradition in 2017 by hosting three HITEC events all taking place outside of U.S. borders- in Toronto, Amsterdam and Dubai. This was the first time the global association's largest HITEC event - featuring thousands of hospitality professionals from around the world -took place outside of the United States. For more information about HITEC, visit www.hitec.org. Follow HITEC on social media: Facebook (@HITECconference); LinkedIn; Twitter (@HFTP); Instagram (@HFTP_HITEC). Find updates on the HFTP News page, and exhibitor news on the HITEC Bytes site. HITEC event photos are available on Flickr, and HFTP event videos are available on YouTube.About HFTPHospitality Financial and Technology Professionals (HFTP), established in 1952, is a hospitality nonprofit association headquartered in Austin, Texas USA with offices in Hong Kong, United Kingdom, The Netherlands and Dubai. HFTP is recognized as the spokes group for the finance and technology segments of the hospitality industry with an international network of members and stakeholders. HFTP uniquely understands the industry's pressing issues, and assists its stakeholders in finding solutions to their challenges more efficiently than any organization. HFTP offers expert networks, educational resources, career development programs, research, leadership opportunities and conferences and events. HFTP produces international events throughout the year, including the world's largest hospitality technology tradeshow and conference brand: HITEC. The association also owns the world's only hospitality-specific search engine: PineappleSearch.com. For more information about HFTP, visit www.hftp.org.For the latest news, visit the HFTP News page at news.hftp.org and the HFTP Connect blog at blog.hftp.org. Follow HFTP on social media: Facebook (@HFTPGlobal); LinkedIn; Twitter (@HFTP); Instagram (@HFTP_HITEC). Stay tuned to HFTP's industry-specific, informational news sites: HFTP News, HITEC Bytes, HFTP Club Bytes, HFTP Finance Bytes and HFTP GDPR Bytes. HFTP event photos are available on Flickr, and HFTP event videos are available on YouTube.###

HFTP Report: Hospitality Data Security — Strategy for Data Protection and Regulation Compliance

11 April 2018
This guide from Hospitality Financial and Technology Professionals (HFTP(R)) covers safeguards that can be implemented in hospitality businesses today, tips on how to continuously improve security and data regulation compliance. Technology is changing at a rapid pace and hospitality businesses big and small must be ready for cybersecurity threats both now and in the future.

HFTP GDPR Guidelines: Privacy Policies for Hotels

10 April 2018
This document offers points to consider in the development of a hotel’s privacy policy. In view of the multiple organisational and legal structures under which hotels operate, as well as the complexity of the third party landscape that may be part of the complete guest experience, this document serves as a guideline only.

HFTP GDPR Guidelines: Hospitality Guest Registration Cards

10 April 2018
This document offers recommendations for guest information collection on the guest registration card along with consent for use. It can be used as a guideline for loyalty cards, health data, export of data outside of the EU, privacy policies and direct marketing.
commercial

VENZA presents the GDPR Readiness Survey

Venza Group ·10 April 2018
Daniel Johnson, Partner/Co-founder of VENZA, designed this survey to assess the level of compliance and awareness of organizations in the hospitality industry. Questions not only cover basic demographics, such as country and organizational size but also measure concern about fines and expenditures for compliance and gauge awareness about individual articles that impact the hospitality industry. This survey also identifies the level of urgency among organizations, if any, before this regulation goes into effect.Daniel brings to this survey extensive knowledge of the GDPR, having just co-chaired the HTNG GDPR Work Group, through which approximately 50 industry colleagues produced a hospitality-focused GDPR white paper and an accompanying self-assessment tool. These materials will provide organizations within the hospitality industry significant assistance in their preparation for the GDPR. Daniel also helped to architect hotel data flow charts as a member of the HFTP GDPR HDPO Task Force. These flowcharts illustrate data flow scenarios for the guest journey, third parties that provide hospitality services, and more.With numerous keynote speaking engagements already completed for this year, Daniel has had many opportunities to ask hoteliers about their GDPR preparedness. What will VENZA's confidential survey reveal about these same hoteliers and their level of concern for protecting European data subjects? Find out by taking part in this survey and reading the results in the summer edition of Hospitality Upgrade Magazine!The survey will be available from April 9-30, 2018. Participants will not be required to provide their names to take part in the survey, so all answers will remain confidential. Please click this link now to participate.Upon completion of the survey find out more about GDPR at these webinars scheduled for two sessions daily on April seventeenth and eighteenth with times for both Eastern Standard Time and Central European Time. You can access specific times and register for webinars by going to www.venzagroup.com/event/. All webinars will have a question and answer session at the end to help clarify any of the material covered. No two webinar sessions will be identical, so feel free to sign up for multiple sessions.About VENZADrawing on decades of experience, VENZA can help organizations mitigate their data security vulnerabilities and ensure compliance, keeping guests and their data safe from breaches. By delivering a security solution for readiness, reassurance and response, VENZA offers 360-degree visibility for proactive management of risks--so users can focus on guest service and building trust in their brand. Better visibility means better defense. Know the risks, protect the enterprise with VENZA.More than 100+ countries look to VENZA for tools, technology, and strategic security support. Founded in 2008, VENZA is a privately held company, headquartered in Roswell, GA. For more information, please call 770.685.6500 or visit VENZAgroup.com.

GDPR and the End of the Internet's Grand Bargain

harvardbusiness.org· 9 April 2018
In May the European Union's General Data Protection Regulation goes into effect, two years after passage by the European Parliament. This radical new privacy law, which covers any business that processes information about EU residents, will dramatically affect the way data is collected, stored, and used, including for U.S. companies doing business abroad. In the U.S., lawmakers are now circling waters bloodied by revelations regarding potential abuse of Facebook's social media data, with CEO Mark Zuckerberg scheduled to testify on Capitol Hill this week about the 'use and protection of user data.' Facebook's woes, following continued reports of major data breaches at other leading companies, have amplified calls for GDPR-like legislation in the U.S. A Refresher on GDPR For now, GDPR, which replaces previous EU mandates on data collection and use, differs significantly from U.S. law, pushing the two regions further apart
commercial

Frasers Hospitality Australia Deploys Infor to Deliver Seamless Mobile Experiences and Become a Paperless Business

Infor · 9 April 2018
Infor, a leading provider of industry-specific cloud applications, today announced global hospitality operator, Frasers Hospitality, has deployed Infor HMS mobility solutions across its Australian properties as part of its digital transformation strategy.The project, which started in 2015 with the deployment of Infor solutions at Frasers Hospitality's Brisbane property Capri by Fraser, has now been extended across all of Fraser Hospitality's Australian facilities in Sydney, Melbourne and Perth.Howard Phung, IT Manager Australia, Frasers Hospitality said, "Our Australian customers and staff were becoming more mobile and they expected seamless experiences across channels and devices, as well as access to integrated next-gen payment technologies."Frasers Hospitality's previous systems experienced several inefficiencies as the organisation was using separate platforms which did not allow seamless communication across channels and devices, sharing of information nor integration with third-party systems."We needed an integrated, agile and flexible platform to bring our employee- and customer-centric vision to life. Our aim was to optimise check-in efficiency, eliminate paperwork, integrate next-gen payment platforms, and ensure a high level of personal data security as compliance requirements were growing," added Phung.Paperless mobile experience and integrated payment, in a complex regulatory environmentAs seamless check-in was at the centre of attention for both staff and customers, Frasers Hospitality worked in collaboration with Infor to deploy the Infor Mobility solution that would deliver an unparalleled experience.Since its roll-out, the housekeeping app has helped improve operational productivity by 80%. Staff do not have to resort to heavy paper-based administrative processes. They can use mobile phones or tablets to organise daily activities and have all customer information sitting in the one platform. This means housekeeping staff are able to view all customer data, receive updates and manage all administrative and housekeeping requests in real-time.Customers walking to a Frasers Hospitality property can check-in quickly at the tip of their fingers.With the integration of Infor E Reg Card solution, Frasers Hospitality Australia shifted to a digital registration card system, while the roll-out of HPP technology enabled the organisation to offer secure "Click to Pay" link options to its clients, across all devices.Today, Frasers Hospitality offers Australian customers visiting its properties with many integrated payment options, including Apple Pay and in the near future, AliPay, PayPal and many more."Security is a major concern in our industry, especially when it comes to managing mobile data and payments. Using Infor solutions was instrumental in ensuring we were delivering mobile and payment features with a high level of security and data privacy, to comply with Australian and international regulations," explained Howard Phung.Frasers Hospitality mobile solutions mean Frasers Hospitality is fully compliant with the PCI, Mandatory Data Breaches Notification and upcoming GDPR regulations.Business Intelligence at the core of decision-makingInfor's Business Intelligence (BI) capabilities has enabled Frasers Hospitality to personalise and customise its customer-facing features at any point in time, depending on what each customer expects.Using the power of rich data, Frasers Hospitality teams are able to build dashboards that can form smart decision making in real-time, and create accurate forecast models, ultimately reducing operational and structural costs and delivering a better service to guests.This is a pioneer project for Frasers Hospitality which has used Australia as a pilot market to inform its digital strategy in other markets such as China and the UK where the Infor solutions have now also been implemented."Our vision is to be 100 percent paperless by late 2019. Thanks to Infor, we are on the right track to achieve this and make our digital transformation permanent," said Phung."Mobility, next-gen payments and compliance requirements are challenging many service-based industries. Frasers Hospitality is a great example of how using cloud-based mobile technologies and integrated platforms can help improve a business' bottom line, improve staff and customers' overall experience, while meeting data security and privacy compliance requirements," said Eric Wong, APAC Vice President, Hospitality at Infor.About Frasers Hospitality AustraliaFrasers Hospitality, a member of Frasers Property Group, is a global hospitality operator with Gold-Standard serviced, hotel residences and boutique lifestyle hotels across Australia, Southeast Asia, North Asia, Middle East, Africa and Europe.

HFTP Launches New Multi-Event Mobile App for Upcoming 2018 Conferences, Including the Upcoming HITEC Amsterdam

HFTP · 6 April 2018
Gearing up for the first Hospitality Industry Technology Exposition and Conference (HITEC) of 2018, event producers Hospitality Financial and Technology Professionals (HFTP) is excited to announce the launch of this year's "HFTP Events" mobile app. The HFTP event 2018 mobile app is home to all the information attendees and exhibitors will need for HITEC Amsterdam, HITEC Houston and Annual Convention this year, with information coming available as the event nears. Available now for download from the iTunes Apple Store and Google Play, the app will serve as a comprehensive guide for information on education sessions and exhibits while also providing social feeds and in-app correspondence capabilities for exhibitors and attendees.The HFTP events 2018 mobile app is a benefit for event attendees, serving as an interactive and informative tool. Users should create a profile and login to gain access to all app functionality. Once logged in, users will have the ability to create a customized educational schedule and link speaker biographies, session evaluations and more. Mobile app users will also be able to connect with other attendees using searchable directories, direct messaging and meeting booking functionalities. Robust searching gives users the capability to network a practical way to find and make direct contact for potential business opportunities."As a hospitality association, HFTP is always looking for ways to enhance the experience for our event attendees and members," said HFTP CEO Frank Wolfe. "The decision to create a combined mobile app again in 2018 comes from our determination to offer corporate event attendees a feature-rich tool in an easy-to-use and convenient platform. Attendees will not only benefit from the interactive capabilities and mobile planning functions, the app gives users a front seat to all of the event information."The HFTP event mobile app is a resource complete with all the information you will need to navigate the association's upcoming events in 2018. Event maps, floorplans, survey links, information sites, educational credits are only some of the resources available inside the app. Discover information about event speakers, exhibitors, sponsors, Entrepreneur 20X (E20X) and much more. Stay updated with HFTP through the app's activity feed feature, which streamlines all social channels into one space.Next up on the HFTP event schedule is HITEC Amsterdam - the first of three HITEC events HFTP will produce in 2018 - taking place next week from April 11-13 at the RAI Convention Centre in Amsterdam. HITEC Houston, HFTP's largest event of the year, will take place from June 18-21 at the George R. Brown Convention Center in Houston, Texas USA. HFTP Annual Convention will take place October 24-26, 2018 at the Omni Louisville Hotel in Louisville, Kentucky USA. HITEC Dubai will take place December 5-6 at the Madinat Jumeirah in Dubai, UAE.For a full listing and more information about HFTP's international events, visit www.hftp.org and www.hitec.org or contact the HFTP Meetings & Special Events Department at education@hftp.org.About HFTPHospitality Financial and Technology Professionals (HFTP), established in 1952, is a hospitality nonprofit association headquartered in Austin, Texas USA with offices in Hong Kong, United Kingdom, The Netherlands and Dubai. HFTP is recognized as the spokes group for the finance and technology segments of the hospitality industry with an international network of members and stakeholders. HFTP uniquely understands the industry's pressing issues, and assists its stakeholders in finding solutions to their challenges more efficiently than any organization. HFTP offers expert networks, educational resources, career development programs, research, leadership opportunities and conferences and events. HFTP produces international events throughout the year, including the world's largest hospitality technology tradeshow and conference brand: HITEC. The association also owns the world's only hospitality-specific search engine: PineappleSearch.com. For more information about HFTP, visit www.hftp.org.For the latest news, visit the HFTP News page at news.hftp.org and the HFTP Connect blog at blog.hftp.org. Follow HFTP on social media: Facebook (@HFTPGlobal); LinkedIn; Twitter (@HFTP); Instagram (@HFTP_HITEC). Stay tuned to HFTP's industry-specific, informational news sites: HFTP News, HITEC Bytes, HFTP Club Bytes, HFTP Finance Bytes and HFTP GDPR Bytes. HFTP event photos are available on Flickr, and HFTP event videos are available on YouTube.About HITECHospitality Industry Technology Exposition & Conference (HITEC) is the world's largest and oldest hospitality technology exposition and conference brand. HITEC offers a unique combination of top-notch education, and brings together the brightest minds and hottest technologies from across the globe to one place. The unparalleled event offers attendees essential education, access to top hospitality technology industry experts and the resources to find cost-effective ways to improve company bottom lines. Combined with the intimate opportunities to connect with fellow professionals, HITEC has everything to enhance your career.Historically hosted annually in a different city throughout the United States, HFTP decided to break tradition in 2017 by hosting three HITEC events all taking place outside of U.S. borders- in Toronto, Amsterdam and Dubai. This was the first time the global association's largest HITEC event - featuring thousands of hospitality professionals from around the world -took place outside of the United States. For more information about HITEC, visit www.hitec.org. Follow HITEC on social media: Facebook (@HITECconference); LinkedIn; Twitter (@HFTP); Instagram (@HFTP_HITEC). Find updates on the HFTP News page, and exhibitor news on the HITEC Bytes site. HITEC event photos are available on Flickr, and HFTP event videos are available on YouTube.###
commercial

GDPR: The checklist

Triptease Blog· 6 April 2018
Hospitality is full of acronyms. ADR, PMS, GOPPAR, MICE… the list seems endless. But at the moment, there are few more important than GDPR. It's now under 50 days until GDPR, or the General Data Protection Regulation, comes into force. And though it’s a European Union law, its likely that hotels around the world will be touched by it. As a company driven by data, we have frequently been asked about our own approach to GDPR. So, as we count down the days to the May 25th deadline, we decided to share some of the preparations we are making and some of the tips we’ve picked up along the way, as well as some expert insight into readying your hotel for the biggest change to data protection in the EU for over two decades.
Article by

GDPR in the EU and UK: AETHOS' 3 Steps for Complying with Employer Responsibilities

AETHOS Consulting Group · 6 April 2018
GDPR. Four letters of the alphabet that are proving to represent one of the biggest challenges facing businesses in 2018. The General Data Protection Regulation (GDPR) comes into effect on 25th May across the European Union, including the UK, and impacts any organisation that operates within the EU that processes data of EU citizens wherever they may be in the world. How organisations hold, store and process personal data will now be subject to higher and more consistent scrutiny - with potentially significant penalty for non-compliance. AETHOS Consulting Group's London Managing Director Chris Mumford emphasizes that much attention is already given to how customer data is handled under GDPR, especially in the hospitality sector where hotels process a high volume of personal information and payment data. "GDPR not only impacts how a business interacts with its external customers but also how it manages data internally with regard to its employees. In an industry such as hospitality where the labour force is so often highly diverse and comprised of multiple nationalities, most organisations will be affected by GDPR."Mumford spoke exclusively to Adele Martins, Partner and head of the Employment Department at law firm Magrath Sheldrick LLP, who clarified that GDPR is considerably stricter in its requirements than the UK's Data Protection Act (DPA). Mumford and Martins highlight a number of key features hospitality employers should consider as they address compliance with the new regulations:- What qualifies as 'sensitive data'? People will regard information about their health or their sexual orientation as more confidential. Technically Sensitive Personal Data or Special Categories of Data include information about a person's race or ethnic origin, their health or sex life, their sexual orientation, political opinions, religious / philosophical beliefs, trade union membership and genetic and biometric data.- How is employee consent defined and best obtained? The GDPR makes it clear that consent must be freely given, specific, informed and unambiguous. It can no longer be implied from silence, pre-ticked boxes or inactivity.- Regarding businesses which have external suppliers that are exposed to personal employee information (ie. payroll providers), where does GDPR compliance lie? With all parties. The advice to controllers is to have appropriate agreements in place with providers to ensure that those providers (processors) are contractually obligated to process data appropriately.- Would a hotel in New York which employs a French national in the kitchen be subject to GDPR? So, a hotel in NY employing a French national is processing the personal data of an EU national but that EU national is not within the EU. Does that mean they are off the hook? No. The EU national is still likely to be protected by the GDPR - not least because they are bound to return to the EU at some point and the processing will not stop when they do.- What are the sanctions for failing to comply? The maximum sanction under the GDPR is a whopping Euro 20,000,000 or in the case of a corporate undertaking 4% of global annual turnover - so potentially much higher than the maximum Euro 20 million figure.Mumford and Martins urge hospitality employers to immediately manage three critical steps to prepare for the GDPR compliance deadline:Dedicate data protection personnel internally and at a senior level;Appropriate security measures to ensure that personal data is properly stored, securely processed and retained only for as long as necessary;Clarify Privacy Notices to ensure that the individuals in question understand what data they are providing.

Hotel tech experts focused on mobile key security

hotelnewsnow.com Featured Articles· 5 April 2018
Technology experts in the industry might have differing views on the prominence of mobile key and mobile check-in innovations in hotels, but all agree that maintaining guest privacy while still allowing them to bypass the front desk is of growing importance. Mark McBeth, president of SkyDog Partners and former tech expert with Starwood Hotels & Resorts Worldwide, said “everything is hackable,” and with the news of Facebook changing their privacy controls and the rollout of the General Data Protection Regulation (GDPR) on 25 May in Europe, protecting customer information is important, and will always be a challenge. “Starwood, Marriott, Hilton and Hyatt are not Facebook or Amazon from a data-mining perspective, but they still have significant amounts of information on … their loyalty customers,” he said. “I’m sure people are reading about this Facebook issue, and they’re thinking about where else have they given up their information.”

Data Privacy Is a Bigger Issue Than Ever for Business Travelers

skift.com - Travel Services· 5 April 2018
A year ago, business travelers were panicked about a U.S. and UK ban on laptops and tablets on flights departing certain Middle Eastern and North African countries. While that ban was eventually withdrawn, the experience has prompted urgent conversations within companies about how to protect travelers’ devices and data. High-profile data breaches and reports of electronic devices being searched at border crossings are motivating companies to ask travelers to be more careful about limiting the valuable information that could be exposed.

Facebook does not plan to apply GDPR globally

hotelmarketing.com· 5 April 2018
Zuckerberg told Reuters in a phone interview that Facebook was working on a version of the law that would work globally, bringing some European privacy guarantees worldwide. His comments signal that U.S. Facebook users, many of them still angry over the company’s admission that political consultancy Cambridge Analytica got hold of Facebook data on 50 million members, could find themselves in a worse position than Europeans.
commercial

GDPR is almost here - What you need to know

Milestone Insights· 5 April 2018
On May 25 2018 the European Union (EU) will put into effect the General Data Protection Regulation (GDPR). The GDPR will strengthen and unify data protection of all individuals who reside in the EU. The GDRP is one of the most comprehensive data privacy regulations in the world and is part of an ongoing effort by the EU to create a privacy-based framework that will ultimately culminate in the release of the ePrivacy regulations sometime in the near future. The primary aim of the GDPR is to give control to EU citizens and residents over personal data and to create a unified framework that all members of the EU can adopt to protect citizens. With personal data – and the misuse of personal data – becoming critical conversation points across the Globe, understanding the implication of the GDPR is important for any business.

US hotel industry works to understand, comply with GDPR

hotelnewsnow.com Featured Articles· 4 April 2018
The 25 May deadline to comply with the European Union’s General Data Protection Regulation is quickly approaching, but many in the U.S. hotel industry are still working their way toward both understanding it and fully meeting its requirements. In a nutshell, the GDPR protects the private information of people in the EU and its member states, giving them the right to decide how their personal information is collected, processed and managed. According to a white paper prepared by HTNG titled “GDPR for hospitality,” the new regulation affords these rights to people in the EU, or “data subjects” as they are referred to under the GDPR:

GDPR: The Meetings View

Business Travel News (BTN)· 3 April 2018
If you're a travel manager with purview over meetings, get ready. Meetings are a different ball game when it comes to the European Union’s General Data Protection Regulation, which will be enforced beginning May 25. If you think that internal employees, by accepting a position with the company, implicitly consent to sharing of their data for corporate meetings purposes, you’ll be surprised to find out otherwise. If you think meetings hotels are data controllers and you can set those contracts on autopilot just like preferred transient properties, don’t relax just yet. And what about all the other meetings suppliers like ground transportation, offsite dining and events and offsite team building providers? EY’s Kathy Grau, Cvent’s Tom Patten and consultant Debi Scholar broke it down at BTN’s Strategic Meetings Summit in New York late last month. Following are edited excerpts from that session.

Newletter

Thank you for subscribing. Your email address has been added to our mailing list.
Close
To subscribe to the GDPR Bytes Newsletter please enter your email address below.
An error occured, please check your input and try again.
CancelSubscribe