Dr Ian Gauci and Dr Michele Tufigno recently gave an information session to the hotels and restaurants industry on the implications of the General Data Protection Regulation (GDPR) on their businesses and operations.
During the session organised by the MHRA, Dr Gauci reflected on the principles of the GDPR and how the introduced changes to the data protection regime, particularly the rights of data subjects, will impact the hospitality industry in its day-to-day operations. He discussed the requirement to appoint a Data Protection Officer (DPO) as well as the importance of conducting data mapping and privacy impact assessments. Dr Gauci also highlighted the importance of data security and data breach management, when a data breach is to be reported to the Data Protection Authority (DPA) as well as communicating the breach to the data subject himself. Finally, he analysed the importance of Privacy by Design and Privacy by Default.
Dr Tufigno on the other hand spoke of the impact of the GDPR on the way businesses handle employee data. As the quantity of data being exchanged has increased considerably in the digital age, the reality of increased access to data and an increased possibility of breaches or losses of data, reflects the need for more enhanced data protection measures. Dr Tufigno discussed the legitimate interests of employers in processing data related to employees’ activities and the important principles of consent, transparency and right to access, as well as proportionality and minimisation. He finally analysed the different ways in which the hospitality industry can bring itself in line before the May 2018 deadline for the implementation of the GDPR.
For more information on Data Protection and the legal implications and requirements of the GDPR, please contact Dr Ian Gauci on igauci@gtgadvocates.com or Dr Michele Tufigno on mtufigno@gtgadvocates.com
Disclaimer: This article is not intended to impart advice and readers are asked to seek verification of statements made before acting on them.