In order to comply with GDPR law, Mews has reviewed internal processes and improved security to protect client data. Furthermore, we have increased user rights and we've added some additional settings to limit access to parts of the system for those that need to access only certain parts. We wrote a blog post about how GDPR is a blessing in disguise for companies and included severel tips and overviews to help the hospitality industry approach and understand it.
In order to complete our certification process, Mews has undergone a series of penetration tests to be eligible for GDPR assessment. Mews has been working on updating the Data protection specifications within our contracts to comply with the new framework. Additionally, Mews is extending our Navigator platform so that we can give guests full control of their data. Each customer will be able to log in to Navigator and see all stored personal information, including information about all integration partners to which this data was distributed. Each profile will include an option to delete all their data from Mews and also the ability to send a deletion request to integration partners. This option is only available after they have physically stayed in the hotel, as their data is required in order to process the reservation.
Properties should assign a dedicated Data Protection Officer per location or per chain. This person should be responsible for this project internally. It could also be beneficial to hire someone who can come speak to your employees about legal changes, so that your staff is trained in how to look at data privacy and inform users of their rights. Mews would additionally recommend that you conduct an internal audit of all the software you use. This is important so that you are aware of exactly who is collecting and storing personal data of guests and employees. Taking these steps will ensure that your property is compliant with all GDPR regulations. Properties are not required to submit any information to country officials, however we highly recommend that you become acquainted with your country's Data Protection Officer (DPO) in case you need to report a leak of your data. From the time that you are made aware of any identified data leaks, you will have 72 hours to respond.
Click to join our marketing list (GDPR compliant) and receive the most up-to-date information about changes and new features.