(+34) 960 80 0 359 info@cerium.es

Tourist establishments increasingly handle a greater number of data and personal information of their guests. The introduction of new technologies. is doing nothing more than increasing the volume of sensitive data and ensuring optimal Data Protection in hotels it has become a key aspect for both management and IT teams.

What data do hotels obtain?

Hotels fundamentally obtain data through reservations, but new technologies are being incorporated that can request data from different guests or visitors to a hotel. In all these cases, it is always essential to request the user's consent.

You may also like: Technology for hotels: why trust specialized companies

What regulations regulate data protection in hotels?

  • The General Data Protection Regulation (GDPR), which is applied at the European level.
  • The Organic Law on Data Protection and Guarantee of Digital Rights (LOPDGDD, which involves an adaptation of European regulations to the Spanish framework.
  • The Law on Services of the Information Society and Electronic Commerce (LSSI-CE). This regulation regulates the provision of services and products through websites or electronic commerce.

How to comply with data protection in hotels?

The following actions will allow you to be within the limits of data protection legislation.

  1. Record of treatment activities
  2. Explicit consent of customers for the processing of their data
  3. Agreements and confidentiality contracts with employees
  4. Notification of possible security breaches linked to data protection
  5. Impact evaluation
  6. Incorporate all legal texts to the web
  7. Run risk analysis
  8. Have a Data Protection Delegate within the company

cerium wifi hotspot promo

How to improve data security in hotels?

What elements can I not ignore to strengthen data security? Why should I go one step beyond the legal framework to ensure maximum protection against cyber attacks? Keep reading.   

Today, the responsibility of the hotelier must be placed above the law itself, which, as we know, advances at a slower pace than technology within the hotel sector. The hotel manager must maintain a diligent attitude and put all the means at his disposal to ensure the security of the data of the guests, an aspect that is increasingly valued by them when choosing a hotel and that without a doubt reinforces the brand image of the company.

A security breach in data protection can have catastrophic consequences for hotel companies. Some of them are damage to customer trust, brand reputation or significant legal and financial penalties. Are you willing to take these risks?

Below, we share some essential security points that cannot be overlooked in hotel management.

data protection in hotels

Main security measures for data protection in hotels

  1. Perimeter security y firewall.
  2. Robustness of the Passwords.
  3. Training of the team in terms of cybersecurity.
  4. correct configurations of user permissions on systems.
  5. securitization of endpoints, understanding endpoint as workstation or server.
  6. Application of double safety factor in access to services, especially those hosted in the cloud.
  7. Politics of update of software, both at the level of applications and operating systems.
  8. Subdivision of the network according to type of service. For example, the network of employees must be separated from that of clients or systems.
  9. Periodic revision of the state of security in the company through cybersecurity audits.

“In general, it should limit system exposure, since less exposure reduces the risk of attack. In the event of a security breach, a reduction of permissions will limit the malicious actions that the attacker can perform within the systems and a deep fortification will protect us from any attack both from outside and from within the network”

Manuel Pérez, CIO of Cerium Technologies.

We know that the legal and the technological always tend to be at odds in the field of hotel management. We know the legal framework with the Organic Law on Data Protection in hotels or the most recent GDPR, but are the management and IT teams sufficiently aligned to respond quickly to any cybersecurity problem? 

The importance of accountability

Accountability or "accountability" is a concept associated with the responsibility to comply. This principle of accountability implies making a company transparent, accrediting the actions and decisions adopted in all areas of its management and assuming binding responsibilities. 

In terms of data protection, according to the Spanish Agency for Data Protection, with this term refers to the "proactive responsibility" which is "responsibility that companies have in the application of technical and organizational measures aimed at guaranteeing and fulfilling their obligations in terms of data protection. Establishing internal and external mechanisms to assess its reliability and demonstrate its effectiveness when requested by the control authorities”.

In the current context of digitization, it is important to point out that Accountability is very relevant, but even more so in the hotel sector due to the intensive use of new technologies (which, due to their novelty or lack of knowledge, may not yet be regulated) and Internet services who manage the hotels

In this sector, being of maximum risk regarding the theft of customer data by specialized criminals, it is very necessary to be proactive and adopt preventive measures to guarantee compliance with the law and the rights of users in the field of privacy.

Therefore, to guarantee the obligations imposed in terms of data protection in hotels, it is not enough to have a culture of regulatory compliance, internal alert systems or procedures are required to minimize risk, in addition to continuously reinforcing the protection of that data. (Cybersecurity), to minimize the chances of unauthorized access to that information.

“In short, accountability requires the positioning of the entire hotel organization with a proactive mindset in compliance with current legislation in general, especially in the field of personal data protection, applying the necessary security measures that they are in their power to achieve it”.

John Anthony Just, Managing Director Cerium Technologies.

GDPR in hotels

According to articles 24 and 32 of the RGPD, the data controller (the hotel company) has the obligation to guarantee the security of the personal data that it has collected from its clients, applying at all times the necessary measures to avoid any damage. (“proactive responsibility” or “accountability”), responding for the damages generated by the incidents with that data. 

This implies being responsible and applying safety measures. ciberseguridad that exist in the market to protect the data of their clients. Hotel establishments must be reasonable in terms of the budget for this item, in addition, the costs of implementing these technologies are currently reasonable.

Hoteliers must understand that although the standard offers a certain freedom for the processing of personal data, this freedom must be compensated by putting the necessary technical security means and making the correct, justified, accredited and mandatory decisions.

En Cerium As technological integrators and experts in hotel cybersecurity, we implement technologies with a 360º vision, where security is understood as one more leg for the success of any technological project.

Fill out this form and we will advise you on everything you need to ensure that your hotel data is protected: