Why is it important to comply? Our guests and clients entrust us with their personal data and expect that we have adequate policies and systems in place to ensure that their personal data is secure and not misused. It is vital that this trust be maintained as it goes to the reputation of Shangri-La. Proper compliance with personal data protection regulations such as GDPR will allow us to lawfully use the personal data provided to us to market our services and enhance the quality of services to our guests. There are regulatory penalties for breaching personal data protection regulations. For instance, companies that fail to comply with the GDPR requirements may face severe penalties , with fines up to 4% of a company’s total worldwide turnover of the preceding financial year or €20 million, whichever is higher. What have we done on a Group level to prepare? Along with implementing the GDPR requirements, we have also taken the opportunity to upgrade Shangri-La’s privacy and data protection policies to take into account the data protection laws of various other jurisdictions to establish a global standard for all our hotels and offices around the world. Our Legal Department has been working with many departments to update enrolment and guest registration forms, corporate policies, social media and security guidelines, and updating the mechanisms for collecting guest and employee data and guest consent for direct marketing. We have also developed legal terms and conditions that we require vendors and suppliers to adhere to. Our Global Learning Academy has rolled out internal training materials, videos and tool kits to educate you about GDPR and personal data protection generally. It is inevitable, however, that there will be varying local laws in different countries. Thus, if there are stricter data protection requirements under local law, local law must be complied with. What should I pay attention to on an individual level? In order to simplify your understanding of the personal data protection requirements, we have devised a set of Do’s and Don'ts Reminders and FAQs (also attached) which will provide clear guidance on how you should handle personal data in various work occasions, e.g. guest service, vendor management, and event handling. We expect every employee to comply with these guidelines. If you are a head of a department that deals with personal data (both guests and employees), it is important that you ensure that members of your department or region are familiar with these guidelines. It is also important that you familiarize yourself with Shangri-La’s own Privacy Policy and Corporate Data Protection Policy. These policies may be revised from time to time.
Made with FlippingBook - professional solution for displaying marketing and sales documents online