The General Data Protection Regulation (GDPR) is a major overhaul of the EU data protection law. Created to strengthen and unify data protection for individuals across the world, the GDPR aims to return control to European Union citizens over their personal data and ease the flow of PII (personally identifiable information) globally.
Key points for hoteliers to understand
- GDPR applies to data collected and stored on EU citizens, wherever they are in the world. It will have an impact on the entire, global hospitality sector.
- Hotels typically collect a lot of sensitive data that could be used fraudulently. Couple this with information which is received from multiple sources, such as point of sale systems, third-party bookings, emails, own website enquiries and walk ins, hoteliers are an easy target for cyber criminals. GDPR is a game changer, because the hotel industry now needs to identity where data is kept and ensure that it is protected.
- Fast forward now to GDPR’s ‘explicit consent’ rule, where hotels must explain to the potential customer what data they are capturing (the nature of the data), explain to the customer why they are capturing that data (the purpose of the data) and explain to the customer who is requesting that data and who else will have access to this data. The idea is that the person you’re seeking to collect data from understands with clarity what data you want and what you’re going to do with it. It’s only then that they can make the decision to consent.
- Under GDPR this consent only applies to the specific purpose which you have declared.
You can read more at: https://www.hotelminder.com/the-general-data-protection-regulation-GDPR-for-your-hotel
Rules regarding privacy can change quickly so always go straight to the source of the law to determine the most up-to-date information.