hospitalitytoday.com

The new ‘GDPR’ Data Protection rules: How can hospitality businesses prepare?

By Medina Forson, Solicitor in the Intellectual Property & Commercial Team at Wedlake Bell LLP

Ian Cass, Chief Executive of the Forum, said “Many people will welcome tighter controls on who owns their personal data and how it is used, and as such the intent of the GDPR legislation is fine, but it appears that no one in power has thought about the small and micro businesses that make up 98% of the UK’s 5.2 million businesses, account for more than half of the country’s employment and are the economic engine of the high street.

“There is the potential for this legislation to impact the way many of these businesses operate and market themselves, and even force them to close down. Matt Hancock’s comment in his press statement that ‘businesses will be protected’ gives no comfort whatsoever whilst there is so much uncertainty about what will be allowed, and what actions will be heavily fined. The Forum is calling on the Government today urgently to establish a dedicated working group, on which the Forum would be pleased to play its part, to ensure that all MPs are fully briefed on the potential impact on their constituency businesses before they are required to vote.”

What is the GDPR?

The General Data Protection Regulation (GDPR) is the biggest change in European data protection law in 20 years. It is a European regulation, intended to strengthen and harmonise data protection laws across the European Union (EU), to protect EU citizens' personal data and to give them back control over it. The GDPR was adopted in April 2016 and is set to replace the existing Data Protection Directive, which was implemented in the United Kingdom (UK) by the Data Protection Act 1998. The new law will come into force on 25th May 2018.

What impact will GDPR have on the hospitality sector?

The GDPR applies to processing carried out by businesses operating within the EU. It also applies to businesses outside the EU that offer goods or services to EU citizens. For example, it is likely to apply to a hotel chain outside the EU that directs marketing material to data subjects residing in the EU.

The hospitality sector is particularly vulnerable to data security breaches, because businesses typically store large volumes of customer information on multiple platforms. For example, hotel businesses commonly hold data about customers including personal contact and address details, credit card details, passport information, airline miles account information, medical information taken for hotel spa bookings and more.