It’s that time of year again when many of us are heading off on our summer holidays for some relaxation, but how safe is our personal data in the hands of the hotel we stay at? You would expect Marriott, as the world’s third largest hotel chain, to have secure systems in place to protect customer information. However, the ICO has issued a notice of intention to fine Marriott £99 million, following a cyber incident which resulted in the exposure of 339 million guest records, 7 million of which related to UK residents. The ICO found that Marriott did not carry out sufficient due diligence and did not do enough to secure its systems and was, therefore, in breach of the General Data Protection Regulation (GDPR).
It’s a scary thought that such a huge, well-established organisation could fail to take adequate measures to safeguard personal data. That said, it’s not just large, well-known corporations that are subject to the GDPR. The requirements imposed under the GDPR apply just the same to small organisations and start-ups as they do to the billion-dollar businesses which have been in existence for a long time. If you are running a company that processes personal data, whatever the volume, you MUST ensure that appropriate security measures are in place.