Effective 25 May 2018, the European Union will implement a new law to protect the personal data and privacy of its citizens. It has huge repercussions and non-compliance could cost businesses dearly.
Here’s what you need to know about GDPR and what STAAH is doing to be compliant. Let’s start with a broad outline of the new legislation.
What is GDPR?
General Data Protection Regulation (GDPR) requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. It also regulates the exportation of data outside the EU.
Resulting from the surge of internet usage and a public concern over privacy, the old laws have been overhauled to make businesses accountable for monitoring and protecting data (primarily digital). This includes personally identifiable information such as name, address, ID numbers, location, IP address, cookie data, RFID tags, social media names, health data, political views, sexual orientation and racial or ethnic data.
Which Companies Does GDPR Affect?
Any company that stores or processes personal information about EU citizens within EU states must comply with the GDPR, even if they do not have a business presence within the EU.
More About GDPR
GDPR is an extensive topic and organisations are only just coming to terms with the magnitude of the law change. Follow the below links to find out more about this – it’s good to be aware, as this change affects STAAH and almost all of our clients who reach out to EU citizens via our platforms.
What Is STAAH Doing to Become GDPR Compliant?
We are fully committed to upholding the privacy and rights of our customers and their customers as outlined in the new legislation. The technical team have been working hard to achieve compliance by the deadline – 25 May 2018. Highlighted below are some steps we are taking in this direction.
Governance Structure
- A GDPR Focus Group was established and has been assessing our platforms and processes within the framework of the new law.
- The group has been responsible for creating a comprehensive data protection framework for our customers and their customers, preparing a plan for implementation of the framework and monitoring thereafter.
- The group is also creating awareness about privacy and data protection within the organisation and driving client support in this direction.
Product Features Geared Towards Compliance: Extranet
- On the STAAH Extranet, anything pertaining to guest information will be encrypted.
- We are paying extra attention to the bookings module. All information will be encrypted and the module will be password protected. Once accessed, information will be decrypted.
- Data will only be kept for as long as required. We are developing a system to purge data regularly.
- We are reviewing the current export function and may have to remove some information from it.
- Tracking of IP addresses is being reviewed.
- Logs will also be encrypted.
Product Features Geared Towards Compliance: Booking Engine
- We will be creating a privacy policy to be displayed on the booking engine. There will be a default message, but properties will have the ability to update at their end if required.
Product Features Geared Towards Compliance: Websites
Assessment of this is still in progress. Some considerations when designing a GDPR compliant solution for websites are privacy terms and cookie policy.
Soon to Come:
- A privacy policy that clearly shows website users (STAAH / InstantSite / CustomSite) how their data will be processed. Consent is collected via an ‘opt-in’ button, and users will have the ability to opt out at any stage.
- Cookie policy for STAAH’s remarketing efforts.