This month the EU is undergoing one of the largest changes to data protection laws in the past 20 years. The General Data Protection Regulation (GDPR) will come into effect on the 25th May, and Caribbean hotels must be ready to meet these regulations to ensure they avoid potentially significant fines.
The GDPR is designed to strengthen data protection for all individuals within the EU. Importantly for Caribbean businesses, it covers personal data collected and stored outside the EU. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business. In short, GDPR compliance is required by every Caribbean hotel that takes bookings from EU residents that made their bookings in their native countries.
Organisations that process an individual’s data incorrectly, don’t have a data protection officer, or suffer from a security breach, can be fined by the EU. Smaller offences could result in fines of up to €10 million or two per cent of a firm’s global turnover (whichever is greater), and larger offences could result in fines of up to €20 million or four per cent of a firm’s global turnover (whichever is greater).
To find out more information about becoming GDPR compliant, or to register your staff for a certificated half-day compliance workshop approved and endorsed by the Institute of Hospitality, please visit: https://springboardcaribbean.com/GDPR