Almost half of hospitality businesses at risk of prosecution for breaching GDPR rules

By Nikkie Sutton

- Last updated on GMT

Data legislation: new rules around GDPR came into force in May 2018
Data legislation: new rules around GDPR came into force in May 2018
Some 45% of hospitality businesses have failed to wipe the memory of their IT equipment before getting rid of it, according to research.

A survey of 1,002 UK workers in full or part-time employment, carried out by IT company Probrand, discovered a large proportion of hospitality businesses had failed to wipe data from IT equipment they got rid of in the two months following the introduction of general data protection regulation (GDPR) in May this year.

The study also uncovered that 97% of hospitality companies surveyed did not have an official process for disposing of obsolete IT equipment.

Impossible to be unaware

What is GDPR?

This regulation standardises data protection law across the 28 EU countries and imposes strict new rules on controlling and processing personally identifiable information.

The rules were reformed earlier this year (May) and enforce stronger regulation on data protection meaning people have more control over their personal data and businesses benefit from a level playing field.

Moreover, 97% of hospitality workers admitted they didn't know who to approach within their company to correctly dispose of old or unusable equipment.

The data also revealed that hospitality is one of the industries most likely to not wipe existing data from old IT equipment.

Probrand marketing director Matt Royle said: “Given the amount of publicity around GDPR, it is arguably impossible to be unaware or misunderstand the basics of what is required for compliance."

Huge fines

The top 10 industries most guilty of not clearing the memory of IT equipment before it is dispensed of:

  1. Transportation
  2. Sales and marketing
  3. Manufacturing
  4. Utilities
  5. Retail
  6. Education
  7. Leisure and travel
  8. Healthcare and hospitality
  9. Trades/administration
  10. Information and communication

He added: “So it is startling to discover just how many businesses are failing to implement and follow some of the simplest data protection practices.

“It is especially startling to see businesses from within the hospitality sector, where sensitive customer information including address details and card numbers are handled all the time.

“The fines involved in a GDPR breach can potentially run into millions and what appear to be less tangible impactors, like reputational damage, customer trust and loyalty, will ultimately become financially significant.

“Given these findings, it is clear more needs to be done to ensure all businesses have a disposal procedure in place to avoid inadvertently leaking sensitive data.”

Related topics: Technology

Related news