New York City and the GDPR: What You Need to Know as a Hotelier
For hoteliers in New York City, which hosts millions of international leisure and business travelers from European Union (EU) nations, the new General Data Protection Regulation (GDPR) that went into effect in May could greatly impact the data obtained from these overseas guests.
The GDPR is the primary law regulating how companies protect EU citizens' personal data. Companies that fail to achieve GDPR compliance before the deadline will be subject to stiff penalties and fines, according to the GDPR Information Portal.
Some of the key privacy and data protection requirements of the GDPR include: requiring the consent of subjects for data processing, making collected data anonymous to protect privacy, and providing data breach notifications. According to the portal, "the GDPR mandates a baseline set of standards for companies that handle EU citizens’ data to better safeguard the processing and movement of citizens’ personal data."
Hotels and management companies, particularly in a city like New York that attracts a lot of international visitors from EU countries, need to carefully store data or face potential financial consequences, said Vijay Dandapani, president and chief executive officer of the Hotel Association of New York City. Guests can opt out and ask to have their information removed from your database, and hotels will need to comply with this. Hoteliers also need to pay close attention to the storing and securing of potentially sensitive data from guests.
"Any traveler, international or not, wants to feel comfortable and safe sharing their information with a hotel," said Tom Xavier, chief executive officer of Endeavor Hospitality Group LLC, a New York City-based hotel developer that is building three properties in the Big Apple. "Everyone is protective of their information, and we will always need to get basic information on our guests - but we have to be careful how that is used."
Pete Sena, founder and chief executive officer of Digital Surgeons, a New Haven, Conn.-based global innovation and experience design company, noted: "I believe that the largest impact that the influx of foreign travelers coming into the Big Apple is going to have, is on the hospitality and hotel industry’s ability to buy or use data to personalize ads and consumer experiences and the ability to contextualize information. Pre GDPR, data was the digital wild, wild west - where one could capture a number of data points on people without their having to opt in."
But now, all that has changed. The best way to remain compliant, Sena advised, is for companies to be transparent with guests in their collection of data and how they use that data to improve the customer experience.
He added: "The collection and use of this data is how companies are able to target potential consumers. The influx of foreign travelers, in the context of GDPR, might affect the pre-booking experience."
New York hotels may not be able any longer to personalize and target the foreign business traveler with digital ads, Sena noted. They may need to depend more on their loyalty programs, and offer benefits for their users that provide them with more data.