Hospitality businesses at risk of GDPR penalties

Hospitality businesses at risk of GDPR penalties

Six months since GDPR legislation came into effect in the UK, it has been revealed that hospitality businesses are risking penalties by not wiping the memory from old IT equipment.

In a survey by Probrand, 45% of workers in full- or part-time employment revealed that 45% of businesses in the hospitality industry failed to wipe the data from IT equipment they disposed of in the two months following GDPR.

The research also found that 97% of businesses surveyed did not have an official process or protocol for disposing of obsolete IT equipment and 97% of hospitality workers wouldn’t know who to approach within their company in order to correctly dispose of old or unused equipment.

While there is a concern about hospitality, it is not the only industry, or even in the top five of industries, guilty of this.

Transportation came top with 72%, followed by sales and marketing at 62%, manufacturing at 59%, utilities at 58% and retail at 57%.

“Given the amount of publicity around GDPR, it is arguably impossible to be unaware or to misunderstand the basics of what is required for compliance,” says Probrand marketing director Matt Royle. “So, it is startling to discover just how many businesses are failing to both implement and follow some of the simplest data protection practices.

“This is especially startling to see from businesses within the hospitality sector, where sensitive customer information including address details and card numbers are handled all the time.

“The fines involved in a GDPR breach can potentially run into the millions – and what appear to be fewer tangible impactors, like reputational damage, customer trust and loyalty, will ultimately become financially significant.

“Given these findings, it is clear that more needs to be done to ensure that all businesses have a disposal procedure in place to avoid inadvertently leaking sensitive data.”