Radisson Hotel’s Global Loyalty Program Data Breach

The Radisson Hotel Group has experienced a data breach affecting members of the firm’s loyalty and rewards scheme in over 1,400 hotels in over 70 countries. The Group claims, however, that less than 10% of the loyalty scheme's members have been affected.

The compromised information includes names, physical addresses, countries of residence, email addresses, and some company names, telephone numbers and frequent flyer numbers, as well as Radisson Rewards member numbers.

The breach was discovered 20 days after it occurred. Impacted member accounts have been secured and flagged to monitor for any potential unauthorized behaviour. Radisson Hotel Group promptly informed EU regulators of the situation.

For now, Radisson Hotel Group might face a fine of up to 10mln EUR or 2% of global turnover. However, a full investigation needs to be performed to evaluate the risks and the actions that the company took to reduce the damage.

LEARNING TIP: Hospitality sector companies hold a wide variety of information about their customers. Therefore, the first thing these companies should do is review all of that data. Consent practices should exist for both newly created and already existing records. If some are missing, an update must be done. Companies dealing with personal data on a large scale should appoint a data protection officer (DPO) and carry out a Data Protection Impact Assessment (DPIA). There are also additional requirements for data that is transferred outside the EU.

