GDPR: What hoteliers need to know

What is the GDPR?

Intended to strengthen and unify data protection for all individuals within the European Union (EU), the General Data Protection Regulation comes into effect on 25 May 2018. Any company, anywhere, that has a database that includes EU citizens is bound by its rules.
For hoteliers, the GDPR will apply to the data you collect and process from guests originating from the EU. The GDPR aims to give EU citizens more control over their personal data, and affords them the right to:

  • Ask whether a hotel has information on them stored
  • Ask the hotel to produce it
  • Modify and/or remove the information

Are you prepared?

The GDPR is all about the privacy rights of your guests. Hoteliers must provide customers with detailed information on why they need to process personal data and how long the hotel plans to keep it. Any hotel that processes data of EU guests will be affected by the GDPR and will have to be compliant.

Hoteliers need to change their mindset on why they are collecting and storing data. The more descriptive you can be about why you need a customer’s data, and how it can ultimately help them, the more likely they are to grant consent or opt in.

Hoteliers will need to make data capture points clear, and have an explicit opt-in option to store guest data. This includes the hotel’s website and the use of guest emails for newsletters or marketing campaigns, as you will need clear opt-in buttons at every stage.

Example: If you capture an email for a newsletter you have to ask for explicit opt-in to use the email for an email campaign.

Those that give consent are likely to be more engaged guests/qualified leads, which will help you focus on building your loyalty strategy.

Before the GDPR comes into effect, it would be good for you to review your accommodation’s data collection policy.

Be sure to revise your privacy policies and disclaimers, and be transparent about the information you need to provide to be compliant.

What happens if you don’t comply?

The GDPR is retroactive, so if you have old data you need to erase it or get it into compliance.
Non-compliance could cost hoteliers 4% of their revenue or 20 million euros in fines, whichever is the higher amount.

Breaches of data will need to be reported immediately and the rules say you have 72 hours to comply.

Preno complies with the GDPR

Our cloud-based system makes it easy for you to comply with the GDPR.

GDPR requires you to give EU citizens the right to see what data a company has collected about them, to control how that data is shared with other companies, and to have all their data deleted.

We have reviewed our internal processes to ensure we are compliant with GDPR. If you have any GDPR requests, please reach out to us at Preno through our live chat function in the bottom right of the screen or contact us.

About the author

Amelia is Preno’s CEO and Co-Founder. As a former hotelier, she enjoys writing about the latest hotel industry news and trends.