Cumberland Hotel
Delivering paper-based and online GDPR Compliance
Executive Summary
The Cumberland with 72 bedrooms is one of Eastbourne’s premier hotels, commanding a pre-eminent position on the seafront, overlooking the promenade, the Bandstand, and the Channel. Surveyed guests' and independent reviews say that the Hotel’s location is their favourite part of Eastbourne and couples rate it as 9.0 for a two-person trip on Booking.com
The Challenge
The Cumberland, like any hotel, continually takes personal details and credit card details from guests online, over the telephone and at reception. So as soon as GDPR became a ‘hot topic’, Elizabeth Rickey, the Front of Desk Manager, quickly became aware of the implications and that she would need the right advice to ensure The Cumberland could be seen to be compliant.
Having engaged Chapter Three Consulting for other needs previously, it was an easy decision to make and Tana Jackson became The Cumberland’s GDPR consultant.
The Solution
Tana audited and undertook a detailed needs analysis to fully understand all of the processes through which the Hotel conducts its business to identify areas of risk.
This revealed a number of activities which required attention. Firstly, that the Cumberland has a disproportionate number of mature guests who prefer to book traditionally by writing and receiving letters, so much of the communication was paper based. Tana also pointed out that the CCTV cameras (in capturing personal data) must be GDPR compliant too, providing the appropriate policy template to be tailored to reflect the requirement of the hotel.
Accordingly, data management planning, based upon GDPR data subject rights (e.g. opt-ins, opt-outs, subscribes and unsubscribes) and the definition of personal data was high on the list for policy definition and development.
The Results
As part of ensuring that the Cumberland was GDPR compliant online and offline, Tana also proposed a ‘clear desk and locked draws – is it safe’ policy, where all personal information can be secured or destroyed, as per data protection regulation, at the end of every working shift.
This, Elizabeth said, has been ‘a great policy’ creating other very real benefits. It has made staff far more mindful of keeping personal details safe and as a result it has encouraged everyone to be much more efficient in completing their work and putting things away.
Elizabeth Rickey, Front of House Manager
www.hotelcumberland.co.uk
Delivering paper-based and online GDPR Compliance
Executive Summary
The Cumberland with 72 bedrooms is one of Eastbourne’s premier hotels, commanding a pre-eminent position on the seafront, overlooking the promenade, the Bandstand, and the Channel. Surveyed guests' and independent reviews say that the Hotel’s location is their favourite part of Eastbourne and couples rate it as 9.0 for a two-person trip on Booking.com
The Challenge
The Cumberland, like any hotel, continually takes personal details and credit card details from guests online, over the telephone and at reception. So as soon as GDPR became a ‘hot topic’, Elizabeth Rickey, the Front of Desk Manager, quickly became aware of the implications and that she would need the right advice to ensure The Cumberland could be seen to be compliant.
Having engaged Chapter Three Consulting for other needs previously, it was an easy decision to make and Tana Jackson became The Cumberland’s GDPR consultant.
The Solution
Tana audited and undertook a detailed needs analysis to fully understand all of the processes through which the Hotel conducts its business to identify areas of risk.
This revealed a number of activities which required attention. Firstly, that the Cumberland has a disproportionate number of mature guests who prefer to book traditionally by writing and receiving letters, so much of the communication was paper based. Tana also pointed out that the CCTV cameras (in capturing personal data) must be GDPR compliant too, providing the appropriate policy template to be tailored to reflect the requirement of the hotel.
Accordingly, data management planning, based upon GDPR data subject rights (e.g. opt-ins, opt-outs, subscribes and unsubscribes) and the definition of personal data was high on the list for policy definition and development.
The Results
As part of ensuring that the Cumberland was GDPR compliant online and offline, Tana also proposed a ‘clear desk and locked draws – is it safe’ policy, where all personal information can be secured or destroyed, as per data protection regulation, at the end of every working shift.
This, Elizabeth said, has been ‘a great policy’ creating other very real benefits. It has made staff far more mindful of keeping personal details safe and as a result it has encouraged everyone to be much more efficient in completing their work and putting things away.
Elizabeth Rickey, Front of House Manager
www.hotelcumberland.co.uk