GDPR Hospitality compliance – the challenge nobody wants to manage


“You can bet there will be an army of people ready to bombard you on 25th May 2018 to get their data from you”.

This is a possible reality for when the GDPR drops. And a scary one it is indeed. Will you be able to find, manage and share all the information you have about a customer within 30 days of a request? This was one of the main discussion points of the September IT in Hospitality Workshop.

Event results

It seems the biggest challenge for our workshop attendees was the implementation of GDPR policies and compliance. With so much data to process and policies to be put in place, the lack of confidence surrounding implementation is unsurprising, especially when paired with recent research.

Exonar’s 2017 UK GDPR Preparedness Survey found 15% of respondents don’t have sufficient funds to manage changes required by the upcoming regulation. 20% felt they did not have enough time to implement regulatory changes before the May 25th 2018 deadline.

The figures below reflect what the guests of our recent IT in Hospitality Workshop felt to be the greatest IT challenge for GDPR:

Implementation
Where to begin
Finding the right partners
Time/resources
Getting the board on-board
Knowing who holds responsibility
54%
45%
18%
18%
9%
9%

Next steps

Our recommendations for GDPR IT compliance centered around many of Microsoft’s solutions, in the form of discovery, governance, protection and reporting. Additionally, the GDPR Benchmark test, is an effective way to discover where exactly your organisation currently sits in relation to compliance, and also benchmarks you against your peers.

Microsoft’s GDPR Benchmark is an online 26 question self-evaluation tool which assesses your organisation’s current readiness for GDPR. There is no cost for the assessment and provides a full report detailing where improvement is needed. In the examples above, you can see our mock test result has suggested to focus on Discover, Manage and Protect.

Microsoft analyses your reports against their “Discover, Manage, Protect, Report” approach to GDPR compliance. the report provides detailed suggestions for each question, alongside recommended actions and services.