The hotels we choose to stay in know a great deal about us. From a hospitality standpoint, that's supposed to be an excellent state of affairs: the sooner a guest's needs can be anticipated from past experience, the smoother their overall stay and the greater the likelihood of their visiting in the future. From a legal standpoint, however, this can be problematic.
"Hotels store all kinds of confidential guest and employee information," says Susanne Hofmann, a director and legal compliance leader at PwC Switzerland. "That includes the guest's home address, their favourite newspaper, special dietary habits and strictly confidential data from employees, such as health restrictions."
Operators put this data to good use, whether in the overall improvement of their services through statistical analysis or personalising stays for individual guests. In doing so, however, hospitality firms need to be scrupulous in how they acquire, store and use this data. Come May 2018, they will have to comply with stricter regulations in the form of the General Data Protection Regulation (GDPR). First adopted in 2016 by the European Commission with a two-year transition period, the new guidelines will harmonise disparate national data laws across the EU while broadening the definition of personal data and expanding individual rights.
"At its core, GDPR will regulate the handling of the personal data of customers and employees in the EU," explains Hofmann. "At the same time, the new laws will give concerned persons, or so-called data subjects - this means customers but also employees - affected by data processing more rights to request access to their data and to receive information about specific data processing."
In short, any company that holds personal data - including hospitality firms - will have to clearly inform consumers and employees why they're acquiring the data, what they're going to do with it and how it is going to be stored. Hotels have found themselves particularly exposed under GDPR. With so many points of contact between guests and hotel employees, the risk of an inadvertent release of personal data under the new rules is comparatively high. Non-compliance with the new laws could result in fines of up to €20 million or up to 4% of a company's total global revenue - whichever, as the regulation makes clear, is higher.
"Staff are often seen as the weakest link in an organisation," says Hofmann. "It is so easy to disclose personal data and, in doing so, violate GDPR." Suitable awareness training is therefore key to ensuring that hotel operators remain on the right side of incoming data protection laws. PwC has partnered with Lobster Ink to deliver a new enterprise-class solution that provides hospitality staff with the expertise required to comply fully with GDPR.
"The platform represents a new approach to learning and development, where video content and technology work hand-in-glove to deliver a more engaging and efficient learning experience," explains Hofmann. "With more than a decade of hospitality training experience, the platform is designed with the learner in mind, supporting on-the-job training across any device, anytime, anywhere."
Lobster Ink's platform incorporates action-oriented reporting, so that management can monitor their teams' performance through the platform's 'Engage, Progress, Perform' measurement framework. Management are also provided with their own dashboard that delivers contextual insights and notifications for proactive management, while students benefit from learning paths that can be carefully curated to deliver on specific learning objectives. Multiple translations allow learners to use the platform in the language of their choice.
According to Hofmann, Lobster Ink's learning platform allows hotel staff to bring themselves up to speed with the new data protection regulations in a straightforward, positive learning environment. "Combining PwC's extensive data protection and industry knowledge with Lobster Ink's next-generation training platform, the partnership creates a trusted solution for any organisation needing to improve the EU GDPR compliance capability of their staff," she says.