Header Image

Kris Troukens

  • You will be joining Safe Stay event as a speaker on the following topic: GDPR in detail for hospitality – Securing your previous, current and potential guests, and cyber security implications. Can you give us a brief introduction into your presentation?

GDPR is a fabulous opportunity to X-ray your operations. You need to KNOW exactly which processes are in place, where you’ve got personal-data-streams, and you have to understand all implications, and potential risks involved with these processes. Today a lot of companies do not know this. The larger ones have a fairly good understanding of this, however not all is written down in detail, or recent changes are not reflected in the various materials.

By doing this huge “inventory” exercise, the picture should become clear. The various details collected will help any hotel owner to better understand what data passes through his hotel, wand where his responsibility starts and ends. This responsibility scenario can be very complex, as bookings may be arriving from other parties, and the hotel itself may be outsourcing operations to external parties. So a clear view of what you have currently written down in various contracts and agreements with any third party is another action point to be recommended.

  • What impact will GDPR have on guest safety? How will it affect hotels’ security?  

With the introduction of GDPR, it is the right time for hotel owners to check if their current agreements are still valid, and are adapted to the new regulation. Indeed, with the introduction of various systems and tools (amongst others cloud-computing) it is the right moment to validate or enforce stricter rules for data processing. In some properties, the collection of data is enormous, however I sometimes wonder if all is fully used. So with the introduction of GDPR, we could see a more stringent implementation of various security measures. An obvious example would be the encryption of local hard-drives.

  • What are the first steps for hotels to take to adapt to the regulation? Do you have any advice?

The first step is to gather the necessary expertise (in-house-external) to start mapping out your processes and systems. Then decide on what actions you will be implementing (some are mandatory) and how this will be done. So a proper “inventory” phase could make things more clear for all.

  • And last, what do you most look forward regarding your participation at Safe Stay event in London?

Through various implementations at customer sites, I have learned a few things. I would be pleased to share and exchange ideas on these topics, and obviously listening and learning from peers who are working on / or have completed their compliance program.