IT GDPR COMPLIANCE for Hotels & Hotel Chains

The IT GDPR Compliance for Hotels & Hotel Chains™ project is part of the DATA SECURITY for Hotels & Hotel Chains consulting umbrella and guides each hotel unit in bringing its computerisation into compliance with the General Data Protection Regulation of the European Union. The structure of the work unit favours the proper implementation of tasks, reduces the likelihood of mistakes spreading and makes it possible to define the different processes precisely and as quickly as possible.

IT GDPR Security Audit and IT GDPR Compliance services are provided by experienced engineers, qualified in digital control and certified in digital security. The methodologies selected for their implementation are products of scientific research, and the applications used are based on modern high technology.

The cycle of compliance with the General Data Protection Regulation begins with mapping the procedures related to Personal Data and diagnosing the vulnerabilities of the Hotel’s information system. At the same time, legal aid is needed. Finally, Technical and Organizational Measures for compliance with the Regulation are proposed; the Administration evaluates them and decides on their implementation.

Upon the completion of the IT GDPR Compliance for Hotels & Hotel Chains™ project, the computerisation infrastructure and the procedures at the Hotel become compliant with the applicable legal framework, while the security gaps are recorded and reported. This gives you the starting point for future improvement actions.

The IT GDPR Compliance Dossier to be delivered documents all of the GDPR processes that concern your computerisation, such as locating personal data, the detailed procedure for deletion (the right to be forgotten), recording proof of the data subjects’ consent and the description of the proper reaction in the event of an incident. It also provides you with templates of the necessary regulatory policies and the related documents that you may need.

Once the compliance procedure for the Hotel's computerised procedures is complete, the experienced IT Computerisation Consultants of HiT SA step in. In close cooperation with the Hotel Management, they price and undertake to implement the proposals submitted in the previous stage for the improvement of your network security.

As a result of the IT GDPR Compliance stage, the computerisation infrastructure and procedures become compliant with the GDPR, while any security gaps (whether they remain for objective reasons or by business choice) are recorded or become known. This provides you with the starting point for future actions to improve the security of the procedures.

Upon the completion of this project, a Dossier is prepared that records all the procedures required under the GDPR concerning your computerisation, such as locating personal data, the detailed procedure for deletion (the right to be forgotten), recording proof of the data subjects’ consent and the description of the reaction in the event of an incident.

IT GDPR Security Audit Service

  • Audit – Recording of findings
  • Reporting risks related to findings
  • Vulnerability Assessment 
  • Classification of findings depending on the vulnerability
  • Classification of findings depending on the rehabilitation cost
  • Recording actions for IT GDPR Compliance

External Penetration Test Service

  • Port Scanning – Vulnerability Assessment – Penetration Test
  • Report with classification of findings and treatment suggestions

Internal Penetration Test Service

  • Detection of vulnerabilities and their evaluation based on automated tools

IT GDPR Compliance Service

  • Data Inventory – Data Mapping
  • GDPR GAP Analysis
  • Data Privacy Impact Assessment
  • Data Security Policies & Procedures
  • Preparation of the “IT GDPR Compliance” Dossier to be delivered

IT GDPR 365 Service

The “IT GDPR Audit” – “IT GDPR Compliance” cycle is repeated to update the “IT GDPR Compliance” Dossier whenever this is deemed necessary and at least once a year.

Legal Aid Services

To provide the most comprehensive program for Hotel compliance with the provisions of the General Data Protection Regulation (GDPR), HiT exelixis S.A. constantly collaborates with an independent team of distinguished lawyers with extensive experience and expertise in the Legal Framework related to Data Protection and in the Law of Information Systems.

If the Hotel or the Group already cooperates with lawyers, the option of consulting cooperation remains available.

User Security Awareness Service

The User Security Awareness service aims to train your staff and improve their behaviour as technology users to reduce the chance of security incidents.

The aim is to provide information on the possible risks, the impact that security incidents may have, and in particular instructions for using computer infrastructures. Emphasis is placed on BYOD services, mail management, Internet access, password management, file & mail encryption, network-to-computer connectivity and file management.

The service includes the following steps:

  • Analysis of the existing behaviour of the users and the way the business operates
  • Two-hour “GDPR Awareness & User Security in a Hotel” seminars addressed to the Company’s staff, accompanied by the provision of printed informative material to the participants and self-assessment / evaluation questionnaires for the understanding of the key points and concepts of the GDPR.
  • Distribution of material with instructions and advice
  • Training of the company's managers so that they can provide additional training and monitor users.

For a more general picture of the Regulation and the philosophy of the GDPR COMPLIANCE for Hotels & Hotel Chains™ project, you can watch this Slideshow.

If you wish to receive your own, personalized, Financial Offer for the project of your Hotel’s technical compliance with GDPR, please contact us at gdpr@hit.com.gr.