GDPR – Hospitality Edition

Detailed Description

Tourism is the country’s heavy industry. Its development is directly linked to the provision of personalized services to customers.

The protection of customer privacy is now an important factor in the overall customer experience in the field of Tourism. Effective implementation of the GDPR is crucial in this direction, but at the same time creates a strong business advantage.

In this context, the provision of personalized services requires knowledge about the customer’s preferences, knowledge which will come from the collection and analysis of a large amount of data from every point of contact between the customer and the company (e.g., physical presence, internet, social media, platforms). In all of this, the requirements of the GDPR should also be considered.

For hotels to be able to maintain and increase their clientele, they should invest in solutions and services with the help of which they will provide a high level of personalized service while taking care of the security of their customers’ personal data.

Duration: 16 hours

What does the Training Program provide ?

• UNITS OF THE TRAINING PROGRAM
• Understanding of the requirements and actions that must be taken in the Hospitality sector Businesses, from the General Data Protection Regulation – GDPR
• What are the personal data (simple and special categories).
• Understanding of the articles of the regulation and their practical application in the hospitality industry.
• Categories of data subjects, their rights and their exercise.
• Children’s data and its management.
• Transfers to third parties within and outside the EU.
• The role of the controller, processor and joint controller.
• Categorization of suppliers and partners and the obligations for each category. Contracts, confidentiality agreements and conditions for the right choice.
• The impact assessment (DPIA). Principles of training and the importance in practice.
• The role of the DPO and effective cooperation with him.
• Consequences of non-compliance and fines.
• Data managed by industry businesses
• Following the “steps of the customer” and their connection with GDPR requirements (reservations, reception, room service, participation in activities, purchases in the hotel, etc.)
• Consent and other lawful bases of processing
• The processing of special categories of data (children, habits, health issues, nutrition, preferences, etc.)
• Recording and categorizing the data and updating it
• Data Retention. Categories / conditions
• Understanding of Technical & Organizational Measures in the industry
• Practical application of Confidentiality, Integrity, Availability, and consequences of their non-application
• Information security
• The use of technologies (within the company, third parties, in the cloud, services as a service) and the requirements in relation to the regulation
• Use of platform for reservations, for promotion, on-line payments, etc. Obligations and requirements
• Principles of risk assessment
• Video surveillance systems
• Insurance coverage (cyber insurance)

What Is the Participation Procedure ?

• Contact us via e-mail at: tuvacademy@tuv.al
• Complete the application form
• Book your participation
• We will follow the whole process from start to finish.

Who Do I Contact for the Certification ?

Phone: +355 4 45 00 523/4

Email: tuvacademy@tuv.al