Any hotel brand and property that deals with EU resident data is affected. — Source: Beekeeper

The EU is taking personal data security to new levels with the new General Data Protection Regulation (GDPR) set to go into effect on May 25th of next year. This leaves global hotel businesses approximately ten months to set their data privacy and security policies in line with the strict GDPR compliance or face crippling fines of up to 4% of annual global revenue or €20 million Euros, whichever figure is greater.

Because of the EU-U.S. Privacy Shield approved by the EU Commission and U.S. Department of Commerce in 2016, U.S. companies will be held accountable to GDPR compliance standards and can be prosecuted in European courts, leaving U.S. companies exposed. Despite GDPR's quickly approaching enforcement date, it is reported that a surprisingly large portion of executive officers in the U.S. remain in the dark about the level of exposure and dire fiscal impact GDPR could have on their businesses.

Amir Ameri, VP of Global Risk & Compliance at digital workplace technology company, Beekeeper, has compiled a list of 31 essential questions every global business leader must ask themselves to assess their company's readiness to meet GPDR compliance before May 2018.

"Executives now face a sprint of thorough internal evaluations to revamp policies around the collection, storage, or usage of EU resident personal data. The financial implications of breaching GDPR are astronomical," says Ameri. "We recommend mapping all data assets and appointing dedicated Data Protection personnel on a full-time or contract basis to properly oversee the adoption of high-caliber data protection processes and technologies."

On the heels of the EU-U.S. Privacy Shield designed to protect the transfer of personal data from Europe to the U.S., GDPR will have serious impacts that will cause a ripple effect worldwide - especially the travel and tourism industry. Hospitality companies not only need to be aware but also take the proper steps to meet GDPR compliance standards. Gabrielle Griffith, Director at compliance consultancy BPE Global, stresses the importance of internal due diligence across your organization ahead of GDPR's enactment.

"Any company doing business with EU entities is affected," Griffith states. "For example, global companies that maintain a website to solicit sales from potential EU customers will be subject to GDPR requirements."

Furthermore, Griffith urges global organizations to see these regulations as an opportunity to elevate and align Corporate Compliance.

"We challenge global companies to look at the new GDPR regulations as an opportunity to align Corporate Compliance at a high level. There are several sectors of international compliance for global companies: trade, antitrust, anti-corruption…GDPR compliance is the newest learning curve," Griffith says. "Global companies need to scale and train immediately to ensure seamless GDPR compliance come May 2018. Companies must develop an offensive strategy that streamlines all areas of your company's compliance."

With GDPR's compliance deadline just around the corner, it is crucial that all global companies demonstrate rigorous investment in the personnel and policy changes required to securely store and manage personal data. A cross-organizational security assessment will not only keep your business GDPR compliant, but also work to reduce the risk of a future breach.


Beekeeper empowers frontline businesses and their workers with the digital solutions they need to do their best possible work. Founded in 2012, Beekeeper's mobile-first platform was designed and built for deskless employees who — despite representing 80% of the global workforce — have been chronically underserved when it comes to workplace technology. With Beekeeper's Frontline Success System, companies can automate paper-based processes, communicate with employees in real-time from anywhere, and improve the engagement, productivity, and safety of frontline teams.

Website:, Blog:, LinkedIn

View source