A survey of 1,002 UK workers in full or part-time employment, carried out by IT company Probrand, discovered a large proportion of hospitality businesses had failed to wipe data from IT equipment they got rid of in the two months following the introduction of the General Data Protection Regulation (GDPR) in May this year.
The study also uncovered that 97% of hospitality companies surveyed did not have an official process for disposing of obsolete IT equipment.
Impossible to be unaware
What is GDPR?
This regulation standardises data protection law across the 28 EU countries and imposes strict new rules on controlling and processing personally identifiable information.
The rules were reformed earlier this year (May) and enforce stronger regulation on data protection, meaning people have more control over their personal data and businesses benefit from a level playing field.
Moreover, 97% of hospitality workers admitted they didn't know who to approach within their company to correctly dispose of old or unusable equipment.
The data also revealed that hospitality is one of the industries most likely to not wipe existing data from old IT equipment.
Probrand marketing director Matt Royle said: “Given the amount of publicity around GDPR, it is arguably impossible to be unaware or misunderstand the basics of what is required for compliance.”
Huge fines
The top 10 industries most guilty of not clearing the memory of IT equipment before it is disposed of:
- Transportation
- Sales and marketing
- Manufacturing
- Utilities
- Retail
- Education
- Leisure and travel
- Healthcare and hospitality
- Trades/administration
- Information and communication
He added: “So it is startling to discover just how many businesses are failing to implement and follow some of the simplest data protection practices.
“It is especially startling to see businesses from within the hospitality sector, where sensitive customer information including address details and card numbers are handled all the time.
“The fines involved in a GDPR breach can potentially run into millions and what appear to be less tangible impactors, like reputational damage, customer trust and loyalty, will ultimately become financially significant.
“Given these findings, it is clear more needs to be done to ensure all businesses have a disposal procedure in place to avoid inadvertently leaking sensitive data.”