
Beekeeper Offers Hotels 31 Point GDPR Assessment Checklist

Beekeeper, a GDPR-compliant developer of a digital workplace app, is offering a “31 Point Assessment to Ensure GDPR Compliance” white paper to assist hoteliers in preparing for the European General Data Protection Regulation deadline that goes into effect May 25, 2018. GDPR protects European Union (EU) residents’ personally identifiable information against security breaches. Any hotel that does not comply is risking heavy fines.

Any hotel that operates in North America will be directly affected by GDPR. Any hotel that provides accommodations to travelers from countries in the EU must comply with GDPR. Beekeeper has already become GDPR compliant and believes its white paper could help any hotel company still building its framework. The company's Data Protection Officer, Dr. Amir Ameri, compiled a list of questions to ask when going through the compliance process. The first 10 steps are listed below.

To access the full 31 Point Assessment, click here.

Beekeeper 31 Point Assessment to Ensure GDPR Compliance

  1. Does your company process personal data in an EU country or of EU residents? (Personal data is any data that may be used to identify a person, including technical, genetic, cultural, mental, economic, and social information.)
  2. Is your company familiar or registered with the EU-US Privacy Shield Framework (https://www.privacyshield.gov/welcome)?
  3. Does your company utilize technology to detect and alert a data breach (IDS / HIDS)?
  4. Does your company maintain an inventory of all assets which process (transfer / store) personal data?
  5. Are your company's personal data flow channels identified?
  6. Is your company technically equipped to search for and permanently remove one individual's personal data?
  7. Is the concept of "Privacy by Design" incorporated in your personal data processing products and services?
  8. Do you apply a Privacy Impact Assessment in your product or service development lifecycle?
  9. Is permanent deletion of personal data performed according to a standard such as NIST (or other)?
  10. Does your company have direct access to all the systems used for its processing of personal data?

 

Disclaimer: These are the questions that Beekeeper has been using internally to assess compliance and, at the request of many colleagues, Beekeeper's CISO has been asked for his recommendations. These are not sanctioned by GDPR.

Hoteliers with questions about implementing GDPR best practices should visit Beekeeper’s GDPR Hub.
