GDPR Hotel: one year later

What has changed for accommodation facilities one year after the GDPR came into force?

What measures have hoteliers put in place to protect their customers’ data? What are the tools available to hotels to be in line with the regulations?

The GDPR, i.e. the European General Data Protection Regulation, has brought with it several innovations, including a different approach and attention to data processing.

How hotels deal with the GDPR

A few days ago, on May 25, 2018, the GDPR turned one year old.
During these 365 days, hoteliers have become more aware of privacy, data protection and aspects such as:

  • cookie policy
  • privacy policy
  • data breach
  • data protection officer
  • hosting server
  • … and more

In general, the managers of accommodation facilities have therefore moved on two main fronts: the website side and the management software side.
As for the website, they updated the privacy and cookie policy (often relying on the advice of a lawyer), paid more attention to the cookies installed on the site and, in the case of contact forms, made sure that any newsletter-subscription checkbox is unchecked by default.

As regards the management software, hoteliers took action to understand where the customer data was stored, checking compliance with the new legislation with the service provider and analyzing what the risks were in the event of a breach of the system data.

Cloud vs On-premise management software: the hotelier’s responsibilities in both cases

Then we reflected on a question that was posed by several hoteliers:

“On-premise management vs cloud management. How is the data processed? With which solution does the hotelier risk less?”

In an on-premise solution (installation on a local server), data protection must meet various requirements: first of all, the management software used must allow encryption. In addition, the local server must have an up-to-date operating system, with a technician who certifies the updates. Finally, the internet connection must pass through up-to-date firewalls. All these aspects are the responsibility of the hotelier.

In a cloud solution, the responsibility for protection lies with the service provider, who will certify compliance with the GDPR.
So in this second case the hotelier is the owner of the data saved in the system, while the company that makes the software available is the data controller.

To find out more, please listen to the episode and, as always, write us any feedback at the email address or on our Facebook page.