Identify the major challenges for the industry to achieve compliance, as well as the stakeholders involved;
Provide guidelines to enable the industry to assess their specific needs to achieve compliance on time;
Define the specific features of a Hospitality Data Protection Officer (HDPO) job role, and resulting from this, propose the structure of an HFTP HDPO certification;
Establish a communication policy to create awareness within the industry.
From the client's perspective: How to obtain the specific, informed consent required by GDPR while avoiding overwhelming the customer with large forms and excessive questions.
From the operation's perspective: How to comply with GDPR requirements of purpose, accessibility, availability and security of the personal data. How to identify, locate, modify and/or delete client's personal data from the operators' systems.
From the organization's perspective: Identify the extent of client's consent in multi-stake operations
Stakeholders: systems vendors (PMS, CRM, etc.); distribution and marketing; loyalty programmes
Identify responsibility of the management of personal data in multi-stake operations: owner/operator and owner/operator/franchisor; multi-brand operator and multi-brand owner
Assess the GDPR impact in management contracts and franchise agreements
Personal data export: GDPR impact on multinational companies operating within and outside the EU; limitations to data export
Categorize third parties within hospitality arrangements according to the GDPR law (controller/processor)
Third party vetting: processes to ensure that third parties comply with the law
GDPR compliant privacy policy
Compliance with GDPR outside EU
Who needs a DPO? Considering the wide range in size, footprint and characteristics of the different parties in hospitality (including hotels, restaurants, clubs, etc.).
List of definitions: controller and processor, entity, privacy impact assessment, privacy by default, etc.
Profile of the DPO for hospitality: What profile is best for a hospitality DPO? Conflicts of interest: who can and who cannot be a DPO?
Job Description of the HDPO
Specific features of the HDPO versus a generic DPO
HDPO certification and structure
Design a registration card
Diagrams of personal data flow in the different types of organizations
Examples of data flows
Examples of Hospitality Project Management
HDPO job description and executive summary review
List of conflicts of interest
List of reporting lines
Examples of certifications
List of definitions
Create a standard template for (PMS) vendors to request progress details towards GDPR compliance:
Privacy Policy that is GDPR compliant