Hospitality businesses that have failed to wipe data from old equipment risk incurring General Data Protection Regulation (GDPR) penalties.
A survey has revealed that in the two months following the introduction of GDPR 45% of hospitality businesses neglected to wipe IT equipment before disposing of it.
The research, which surveyed 1,002 UK workers in full- or part-time employment, also found that 97% of hospitality businesses did not have an official process for disposing of obsolete IT equipment, with the same percentage saying they would not know who to approach within their company to do so.
IT service provider Probrand group, which carried out the survey, named the hospitality sector as one of the “most guilty industries” alongside transportation, sales and marketing, manufacturing, utilities and retail.
The fines involved in a GDPR breach could potentially “run into the millions”, with what would appear to be less tangible impactors, like reputational damage, customer trust and loyalty, ultimately becoming financially significant, said Probrand.
Given the publicity around GDPR, it was arguably impossible to be unaware or to misunderstand the basics of what was required for compliance, said Matt Royle, marketing director for Probrand Group.
“It is startling to discover just how many businesses are failing to both implement and follow some of the simplest data protection practices,” he said.