Published by Kelley Thornton. Modified over 6 years ago
1
General Data Protection Regulation: Opportunity, Threat, Vulnerability
Are you ready for 25 May, 2018?
Speaker notes (Bruce): Explain why we are passionate about data privacy. Detail how using best practices can lead to client retention and new sales opportunities.
BECAUSE GDPR MAKES DATA PRIVACY A WHOLE BUSINESS CHALLENGE
Presented by Bruce Smith, Managing Director, Tenax Analytics
tenax-analytics.com
2
Tenax Analytics – An overview
Over 30 years' experience in the hospitality industry, including DMC, Meetings, Incentives and Airlines.
Established to help Hospitality Sector organisations manage risk and cut through complexity relating to critical data.
We are able to assess where companies are on their GDPR journey, guide them through what they need to do next and, crucially, create a comprehensive audit trail of every action taken, to demonstrate integrity to customers and partners alike.
Speaker notes: Paul
Confidential - use prohibited without prior written permission by Tenax Analytics
3
What is the General Data Protection Regulation?
The General Data Protection Regulation (GDPR) is a new EU-wide data protection law to create consistent data privacy laws across EU member states. It was finalised in April 2016 and will come into active force on May 25th 2018.
GDPR is designed to enable the individual to have better control of their personal data and empower them with the rights to manage that control.
GDPR applies if the data controller or processor (entity) or the data subject (person) is an EU citizen, regardless of where they are based.
It is hoped that these unified rules will allow entities to make the most of the opportunities of the Digital Single Market by reducing regulations and reinforcing consumer trust.
Speaker notes (Bruce): Give an overview. Emphasize the fact that multinational companies are affected.
4
Three Big Risks to our Sector?
We don’t understand the nature of the risk – personal data exploitation is so prevalent in our society it requires oversight.
Ad-tech model versus ‘active and demonstrable’ consent.
Article 82: “Any person who has suffered material or non-material damage as a result of an infringement of this Regulation shall have the right to receive compensation from the controller or processor for the damage suffered.”
Speaker notes (Bruce): How does the ad-tech model coexist in this industry when the rights of the data subject first and foremost demand that they have active and demonstrable consent to sell a person's individual information to anyone that is prepared to bid for it?
5
Information Pathway
Speaker notes: Paul
6
Examples of Data That May be Captured
Clients, Participants and Guests: Individuals' names, address/telephone; Passport/Visa information; Credit card information; Medical information; Accessibility/dietary; Prescription meds; Liability (high adventure); Travel (private or commercial); Personal VIP info; Religious Affiliation; Children under 14
Hospitality Company: Corporate personnel info; Payroll/IRA/401k/age; Medical info/health ins.; Family info/contact #s; Personal assessments; Skills assessments; Succession planning; Client information; Prospect information; Vendor information; Financial info (all the above)
Hotels:
Guestroom Reservations: Name/Address/Phone; Credit card info; Loyalty program information
Banquet (i.e. wedding, birthday, etc.): Credit card or other; Deposit info (if personal check a CC back up is needed)
Group Accounting: Dun & Bradstreet number; Names of senior company officials; Bank Information; Hotel References
Speaker notes: Paul
7
Data Management Best Practices – Custom by design and enduring by default.
Compliance with GDPR is a best practice and is absolutely achievable, but you need to begin now.
Identify what data subject information (personal information) you are capturing: names, emails, addresses, credit cards, medical information, employee payroll, etc.
Develop a plan for covering accountability.
Objective: Achieving data protection assurance that is custom by design and enduring by default.
Speaker notes (Bruce): Talk about data mapping. Gap analysis discussion.
8
12 Steps to Take Now
1. Awareness: Make sure that decision makers and key people in the organisation are aware.
2. Information: Document what personal data you hold, where it came from and who you share it with.
3. Communicating Privacy Information: Review your current privacy notices and put a plan in place for making any necessary changes.
4. Individuals’ Rights: Check your procedures to ensure they cover all the rights individuals have.
5. Subject Access Requests: You should update your procedures and plan how you will handle requests.
6. Legal Basis for Processing Personal Data: You should look at the various types of data processing you carry out, identify your legal basis for carrying it out and document it.
Speaker notes: Paul
9
12 Steps to Take Now
7. Consent: You should review how you are seeking, obtaining and recording consent.
8. Children: (If required) start thinking about putting systems in place to verify individuals’ ages and to gather parental or guardian consent.
9. Data Breaches: Make sure you have the right procedures in place to detect, report and investigate a personal data breach.
10. Data Protection by Design and Data Protection Impact Assessments: Familiarise yourself now with the guidance the ICO has produced on Privacy Impact Assessments.
11. Data Protection Officers: Designate a Data Protection Officer, if required, or someone to take responsibility for data protection compliance and assess where this role will sit within the organisation.
12. International: If your organisation operates internationally, determine which data protection supervisory authority you come under.
Speaker notes: Paul
10
Obtaining Client Consent
Remove the idea that this is being done because of new regulations and instead use it as a way to build trust with clients and prospects.
Have a conversation with your clients about how you use their data.
Craft your message carefully before you send emails out asking for continuation of consent from existing contacts.
11
Obtaining Client Consent
Guidelines around consent:
Must be freely given
Must be specific to the purpose
Must be informed
Affirmed, unambiguous indication of the data subject's wishes
Do not bundle multiple consents into one statement
12
For more information: Bruce Smith, Managing Director, Tenax Analytics
Tel: +44 (0) UK Tel: US