Hotel Quality Systems Limited | GDPR

Hotel Quality Systems Ltd collaborates with the largest consultants in Information Systems Security solutions, who are certified in G.D.P.R. and apply ISO 27001 and the ADAE Regulation.

IN REFERENCE TO THE GENERAL DATA PROTECTION REGULATION (G.D.P.R.)

With this report, we would like to inform you about the General Data Protection Regulation (G.D.P.R.) 2016/679 of the European Union, which concerns Hotel Businesses / Organizations. These entities must take the necessary measures and implement solutions for the Protection of Personal Data of Natural Persons (all citizens of the European Union).
In the event that your Hotel Business / Organization is required to implement the GDPR, this must be carried out as soon as possible, as the GDPR was adopted on 27/4/2016 and has been in mandatory effect since 25/5/2018.

Additionally, the implementation of the GDPR requires a significant amount of time for the GDPR Compliance Study and GDPR Implementation, which varies depending on the activity, procedures, and existing infrastructure of each Hotel Business / Organization.

TECHNICAL PROJECT DESCRIPTION

The project proceeds through the following implementation phases within the scope of the Regulation in the hotel environment:

Indicative examples of the Regulation’s application in the hotel’s daily operations include:

  •  Management of all types of data related to guests upon their arrival at reception
  •  Management of personal data of partners
  •  Management of staff and payroll data
  •  Searching information in databases
  •  Sending informational emails
  •  Document destruction
  •  Publishing photographs
  •  Storing IP addresses
  •  Partner management
  •  Data transfer within agreements for the execution of specific purposes such as reservations
  •  Supplier management

Supplier management:

First, after sending a questionnaire, a real assessment and recording of the current situation of the hotel (Gap Analysis) is conducted, including the entire environment it communicates with and operates within.

More specifically, we document through the electronic systems available, such as software programs at Reception-Reservations, M/C at Front Office, and B/O at Accounting for monitoring Suppliers, Payroll of Personnel, etc., the proper use and communication. Finally, through the hotel’s website, we examine the use and updating of internet allotments via Channel Manager & Booking Engine for direct bookings on the hotel’s website.

Additionally, any communication with former and new customers through the customer’s historical archive, the use of credit cards, as well as any other payment methods involving the hotel and the staff involved, both domestic and foreign guests, and methods of financial transactions with them, are reviewed regarding the proper application of the G.D.P.R.

We identify the personnel involved and their responsibilities, as well as the accountability of each, in the flow chart and in job descriptions with recorded tasks.

We review individual contracts and private agreements of employees at the hotel.

The method of use and monitoring of Health – Sickness booklets is checked.

Finally, we examine the use of hidden cameras, videos, etc., which are included in a detailed 22-point checklist that we incorporate into our study for training and guidance through procedures, work instructions, and documentation of the GDPR System, as described in detail in the Company’s Manual.

STAFF TRAINING PROGRAM FOR HOTEL BUSINESSES AND THE IMPLEMENTATION OF GDPR.

Target Audience:

Addressed to executives involved in the collection, processing, transfer, use, and storage of Corporate Data (customers, personnel, etc.), to management staff (accounting managers, human resources, marketing, customer service, internal audit, compliance, legal department, etc.), to IT personnel, and to those involved in the design, monitoring, and evaluation of Data Protection and Security, as well as the operation of the IT Systems of the Hotel Business.

Thematic Units

Introduction to the Regulation (GDPR)

  • What are Personal Data
  • Why Data Protection is Necessary
  • Reasons for Data Protection in Businesses
  • Key Roles in Personal Data Protection
  • Terms and Scope of the Regulation

Analysis of the regulation

  • Principles of Personal Data Processing
  • Rights of the Data Subject
  • Supervisory Authorities – Cross-border Data Processing
  • Code of Conduct and Certification
  • Complaints – Responsibilities – Sanctions

Compliance system with the regulation

  • Design and Implementation of a Compliance Program
  • Main Technical and Organizational Measures for Data Protection
  • Recording – Risk Assessment & Impact Evaluation
  • Implementation of Protection Plans (Policies and Procedures)
  • Critical Success Factors and System Improvement

DATA PROTECTION OFFICER (DPO)

  • The Role of the DPO
  • Duties and Obligations of the DPO
  • When a DPO is Required
  • Qualitative Characteristics of the DPO

DURATION: 8 TRAINING HOURS