When you use specialist technologies or services as part of your work with personal data, you will often appoint them as “data processors” working on your behalf. You are the data controller responsible for what they do.
These vendors and the processing they do on your behalf need to be carefully managed. The Data Protection Act/GDPR holds you accountable for everything involved and requires an agreement between you as the data controller and each of your chosen data processors.
The Tricky Bit
The tricky bit, for most hotel businesses, is that hotels use a LOT of data processors.
You are good at what you do but with the best will in the world, you’re not so good at managing the technologies involved. Things like email servers, website servers, property management systems, booking engines, accounting software or channel management systems, to name but a few.
Yet your hotel needs all of these things if you are going to survive. How do you stay on top of your responsibilities towards the personal data these systems process? How do you prove your accountability? How do you protect yourself from processing problems which are not of your making?
Manage Your Vendor Risks
The more data processors you use, the more risks you assume. How do you identify and manage these today? Do you have an understanding of them at all? I’m not being cheeky, there is a lot to know and few vendors go much out of their way to look after your interests.
To discover more about getting to grips with your vendors, talk to us about outsourced vendor management.