PassportScan LTD. - gdpr https://www.passportscan.net/tags/gdpr en WE WILL INVEST IN CYBERSECURITY https://www.passportscan.net/we-will-invest-cybersecurity <div class="field field-name-field-image field-type-image field-label-hidden"><div class="field-items"><div class="field-item even" rel="og:image rdfs:seeAlso" resource="https://www.passportscan.net/sites/default/files/styles/blog/public/field/image/Image_2_Blog_We-Will-Invest-in-Cybersecurity.jpg?itok=mlQBor4G"><img typeof="foaf:Image" src="https://www.passportscan.net/sites/default/files/styles/blog/public/field/image/Image_2_Blog_We-Will-Invest-in-Cybersecurity.jpg?itok=mlQBor4G" width="600" height="338" alt="" /></div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"><p><strong>George Stergakis, IT Manager, Chatzilazarou Group: "We will invest in cybersecurity in 2019"</strong></p> <p>Information technology and new technologies play a key role in the development of the Hatzilazarou Group, as evidenced by the intriguing discussion NetFAX had with George Stergakis, IT Manager of the hotel group.</p> <p>"In 2018 - July - the sixth hotel of the Group, which implemented a fiber-optic network, opened its doors, building a 10G backbone serving IP telephony, video streaming, IP TV, IP surveillance, access control, WiFi and Internet automation," says G. Stergakis. Everything goes well beyond this network, which contributes to providing a "more up-to-date and better customer service, as well as increased staff productivity". Project planning started in the second half of 2017 and was completed in April 2018, and was implemented by Smart NS. It is noted that the Group is a strategic partner of Cisco - 90% of its information infrastructure is Cisco - and within this was also installed in the new hotel Cisco solutions (IP telephony, switches, servers, etc.).</p> <p><strong>Smart Hotel</strong> The new hotel (Mayia Exclusive Resort &amp; Spa) ran a building automation project, co-ordinated by the IT department, a project that will form the basis for what will follow this year: "What we are working on now and will be very busy in 2019 is the integration of automation that already exist with mobile apps. This means, for example, that the customer will be able to turn off the lights in their room or view the room temperature from their cellphone. "This project will only run on the new hotel with the required infrastructure, and if it goes well - "the signs are very encouraging so far" - it will be applied to any hotel renovations the Group will make in the future. The new hotel will run another complex project this year on infrastructure integration - the problem with other hotels is that they do not currently have the required automation infrastructure, though they intend to apply integration in the future. “All of our databases are in the hotel program, which is the core of our business.</p> <p>From there all the 'bridges' with all other systems are made. All we want to do is integrate them by, for example, enabling our customer to check-in when downloading our hotel app on the mobile to gain full access and control over his room. "<strong>GDPR and security enhancement</strong> While the smart hotel project will be confined to the Mayia Exclusive Resort &amp; Spa, dealing with <strong>GDPR</strong> and enhancing information security are projects that will run throughout the group. "We want to maximize the security of our information systems, we are at a point where we see gaps and are improving, and we may work with a specific company to do penetration testing - at the same time working with <strong>GDPR</strong> as well as with <strong>GDPR</strong>. staff training in security awareness ”stresses G. Stergakis. As part of enhancing information security and harmonization with the <strong>GDPR</strong>, another major project is underway, which will run across all group hotels: "We will provide special scanners, such as those used at airports, which are 100% <strong>GDPR</strong> compliant and will allow us to 'scan' our clients' passports. This will then be automatically imported into our hotel program, speeding up the procedures significantly. " The solution chosen for this purpose is <strong>PassportScan</strong>, a solution whose official representation in Greece was recently undertaken by Eurotel Hospitality.</p> <p>Finally, another issue that the Hadjilazarou Group's IT department will address this year is its involvement in the design of the Group's new hotel, which will open in Kiotari, Rhodes, and is expected to be ready in 2020 or 2021. The group is constantly developing and investing, with IT continuing to play an essential supporting role in this and in the future.</p> <p>Fuente: <a href="http://www.netweek.gr/default.asp?pid=9&amp;la=1&amp;cID=4&amp;arId=39611">http://www.netweek.gr/default.asp?pid=9&amp;la=1&amp;cID=4&amp;arId=39611</a></p> </div></div></div><div class="field field-name-field-tags field-type-taxonomy-term-reference field-label-hidden"><div class="field-items"><div class="field-item even" rel="dc:subject"><a href="/tags/cybersecurity" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">cybersecurity</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/security" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">security</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/gdpr" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">gdpr</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/technology" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">technology</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/smart-hotel" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">smart hotel</a></div></div></div> Thu, 05 Mar 2020 10:54:27 +0000 admin 133 at https://www.passportscan.net https://www.passportscan.net/we-will-invest-cybersecurity#comments WHY GDPR COMPLIANCE IS IMPORTANT? https://www.passportscan.net/why-gdpr-compliance-important <div class="field field-name-field-image field-type-image field-label-hidden"><div class="field-items"><div class="field-item even" rel="og:image rdfs:seeAlso" resource="https://www.passportscan.net/sites/default/files/styles/blog/public/field/image/Image_2_Blog_Why%20GDPR%20Compliance%20is%20Important.jpg?itok=N1AadV60"><img typeof="foaf:Image" src="https://www.passportscan.net/sites/default/files/styles/blog/public/field/image/Image_2_Blog_Why%20GDPR%20Compliance%20is%20Important.jpg?itok=N1AadV60" width="600" height="338" alt="" /></div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"><p><strong>HOW PASSPORTSCAN CAN HELP YOU IN 5 STEPS.</strong></p> <p>The GDPR gives power back to the consumers by forcing companies to become transparent in how they are collecting, storing, and sharing their customers’ personal data information. Although the GDPR applies to any organization or business collecting data on EU citizens, the nature of hotels and the various data holding sources such as OTA bookings and PMS systems escalate the regulation for travel and hospitality industries.</p> <p>PassportScan is complying with GDPR to ensure the privacy settings, adequately integrated, allowing our clients/partners to adapt at every stage of the life cycle of customer personal information data.</p> <p>All rules that hotels must follow also apply to the software they use. If a hotel uses a product to process its data, that product must adhere to all the same obligations that the hotelier has. Every single vendor who receives personal data from a hotel must share a Data Processing Agreement (DPA) with the hotelier to confirm that the vendor is compliant with the rules of the GDPR. The DPA must dictate the purposes for which the processor is processing the data.</p> <p><strong>HOW CAN PASSPORTSCAN HELP?</strong></p> <p><strong>1.- Deletion of Periodic Data: </strong>In order to ensure that the personal data are not kept longer than necessary, time limits should be established by the controller for erasure or for a periodic review. </p> <p>PassportScan can be easily set up from the controller/processor to delete automatically the data captured in a certain interval time. In order to ensure that the personal data are not kept longer than necessary, time limits should be established by the controller for erasure or for a periodic review. </p> <p>After 24 hours the image of the ID and other sensitive data can be darkened in PassportScan. Any explicit request to completely erase the guest's data will bring to a total deletion of the customer data/images in PassportScan. </p> <p><strong>2.- Consents:</strong> The controller, login as ADMIN in PassportScan, can add any kind of text that the guest can accept/deny, ticking a box on the tablet and signing. Normally one text is the mandatory one (required from the local law/institutions) the rest can include any kind of policy not specifically related to privacy (ex. indemnity for credit card payment, bike rent, smoking, etc.). </p> <p>All the text can be completely customised following any specific requirements of the hotel on privacy. The texts can be uploaded in two languages (normally the country language as primary language and English as the second one).</p> <p>Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject's agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means or an oral statement. </p> <p>This could include ticking a box when visiting an internet website, choosing technical settings for information society services or another statement or conduct which clearly indicates in this context the data subject’s acceptance of the proposed processing of his or her personal data. Silence, pre-ticked boxes or inactivity should not therefore constitute consent. Consent should cover all processing activities carried out for the same purpose or purposes. When the processing has multiple purposes, consent should be given for all of them. If the data subject’s consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided.</p> <p><strong>3.- Protecting Sensitive Personal Data:</strong> In order to maintain security and to prevent processing in infringement of this Regulation, the controller or processor should evaluate the risks inherent in the processing and implement measures to mitigate those risks, such as encryption. Those measures should ensure an appropriate level of security, including confidentiality, taking into account the state of the art and the costs of implementation in relation to the risks and the nature of the personal data to be protected. In assessing data security risk, consideration should be given to the risks that are presented by personal data processing, such as accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed which may in particular lead to physical, material or non-material damage.</p> <p>PassportScan guarantees a high level of security, protecting all the data captured through advanced encryption (Blowfish+).</p> <p><strong>4.- Right To Be Forgotten:</strong> Modalities should be provided for facilitating the exercise of the data subject’s rights under this Regulation, including mechanisms to request and, if applicable, obtain, free of charge, in particular, access to and rectification or erasure of personal data and the exercise of the right to object. The controller should also provide means for requests to be made electronically, especially where personal data is processed by electronic means. The controller should be obliged to respond to requests from the data subject without undue delay and at the latest within one month and to give reasons where the controller does not intend to comply with any such requests. </p> <p>Using PassportScan, when signing on the tablet, the guest can choose to deny / not sign the policy that asks to process / maintain his personal data. A denial of this policy will bring to a total deletion of his / her data. </p> <p>Respect to the policy “right to be forgotten”, this will be shown as first, as per GDPR, for the guest's approval/denial. </p> <p><strong>5.- Allocation Of The Responsibilities: </strong>The protection of the rights and freedoms of data subjects as well as the responsibility and liability of controllers and processors, also in relation to the monitoring by and measures of supervisory authorities, requires a clear allocation of the responsibilities under this Regulation, including where a controller determines the purposes and means of the processing jointly with other controllers or where a processing operation is carried out on behalf of a controller. </p> <p>PassportScan offers different levels of access based on the responsibility in a certain premise/organisation. The logins used are as user, superuser, and administrator (these could be, in a hotel for example, respectively for a receptionist, a FOM and a GM/IT). </p> <p>This operation restricts, in this way, access to sensitive data to normal users and avoids a security threat that is often overlooked.</p> <p>Furthermore all the passwords used by the different users, with GDPR, have been strongly enhanced in PassportScan (it is now compulsory to create a password using small and capital letters, numbers and special characters). </p> <p>A particular action, modification or process, made by a certain user, can be easily traced with the audit history record, another service that PassportScan implemented with for the GDPR compliance.</p> </div></div></div><div class="field field-name-field-tags field-type-taxonomy-term-reference field-label-hidden"><div class="field-items"><div class="field-item even" rel="dc:subject"><a href="/tags/gdpr" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">gdpr</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/frontdesk" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">frontdesk</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/digital-transformation" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">digital transformation</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/privacy" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">privacy</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/sensitive-data" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">sensitive data</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/audit" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">audit</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/right-be-forgotten" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">right to be forgotten</a></div></div></div> Wed, 26 Feb 2020 12:56:22 +0000 marga 170 at https://www.passportscan.net https://www.passportscan.net/why-gdpr-compliance-important#comments