Trend Digest: GDPR compliance for hospitality

The 25 May deadline may have come and gone without GDPR police descending from black helicopters to claim €20-million fines, but that doesn't mean compliance with the General Data Protection Regulation is optional.


As an industry that deals with personal information of customers from all parts of the world, including Europe, hospitality businesses have even more reason than most to want to make sure their data policies and procedures do not run afoul of the regulation.

For this month's Trend Digest, we have gathered together some of the top online resources on GDPR compliance in hospitality – from videos to checklists – to help your hotel get to grips with the new legislation.

How the GDPR stole Christmas – Cyberduck

If you're looking for a light, palatable and beautifully designed introduction to the GDPR, look no further than Cyberduck's dedicated landing page entitled How GDPR Stole Christmas.

"We all know he has his list and that he checks it twice to find out who is naughty or nice, but Santa’s breached the GDPR! He’s kept tabs on us for decades, when he only needs to know if we’ve been good in the past year." – Cyberduck

This amusing piece of content uses the scenario of Santa Claus, operations at the Grotto and his naughty and nice lists to guide readers through the key points of the GDPR, and does so in an easy-to-understand way. If you are new to the GDPR it's a great place to start.

Read the full article >>

GDPR: Why Hoteliers Should Take the new EU Regulations Very Seriously – EHL

We joke about GDPR police, How GDPR Stole Christmas makes light of a heavy subject, and there have been some pretty hilarious GDPR tweets recently, but Ecole hôtelière de Lausanne caution that the GDPR is no laughing matter for hospitality businesses. Panelists at the school's recent Young Hoteliers Summit impressed upon the budding hospitality professionals the seriousness of the GDPR.

"In a panel discussion on the future of technology in hospitality after the keynote, [the delegate] cautioned young hoteliers that their careers in the hospitality industry could end abruptly if they were responsible for a breach." – Stuart Pallister, Head of Academic Editorial Content, EHL

High-profile panelists who noted the importance of robust data protection procedures included Nick Price, CEO of NetSys Technology and CIO of citizenM Hotels, and Suzanne Ward, Director of Digital Solutions at Mövenpick Hotels & Resorts.

Read the full article >>

Data protection self assessment – Information Commissioner's Office (ICO)

It’s not only young hoteliers that need to be cautious, however. It's in every hotel's (and your career's) best interests to take the GDPR seriously, and you may want to begin by assessing your current procedures. Although not created specifically with the hospitality industry in mind, the ICO's data protection self assessment checklists offer a great way to quickly assess your business's data handling strategies and highlight any weak spots or flaws.

"Good information handling makes good business sense. You'll enhance your business's reputation, increase customer and employee confidence, and by making sure personal information is accurate, relevant and safe, save both time and money." – ICO

There’s a checklist for information controllers, one for processors, and many to help you assess your information security and records management, and to make sure your direct marketing efforts are GDPR compliant.

(Please note that due to high volumes of traffic the ICO website may be periodically unreachable)

See all the checklists >>

GDPR in Hospitality: Vendor Compliance Query Template Available to Industry – Hospitality Financial and Technology Professionals (HFTP)

While you might have diligently worked your way through all the ICO's checklists, you are likely to also be using a number of technology partners, from property management systems to guest feedback solutions, in order to streamline operations and ensure you meet and exceed your guests’ expectations.

"As in several industries, data management in hospitality is coordinated with multiple vendors. The task force members felt that lodging organizations should begin by inquiring about GDPR compliance from their vendors." – Lucinda Hart, CAE, MBA and Carl Weldon, FIH, FHOSPA

While partners and suppliers may act as data processors on your behalf, the responsibility for the security of any data about your guests ultimately lies with you as the data controller. Thankfully, HFTP have composed a helpful template for hotels to customise and send to their technology suppliers, enquiring about the security and GDPR-readiness of their data processing.

The template was created to be sent before the 25 May deadline, so the dates will need adjustment if you choose to use it, but it is a useful starting point for communications with any of your hotel's data processors.

Download the Vendor Compliance Query Template >>
Read the full article >>

GDPR in 3 minutes for hotel marketers [video] – GuestRevu

Your lawyers might have weeks to read the hefty document that is the General Data Protection Regulation, but we know that your marketing department is lucky to get five minutes off from sharing guests' UGC and optimising your ORM. That's why we put together a three-minute video on the GDPR specifically for hotel marketers, featuring the all-powerful (and pretty knowledgeable) GDPR Genie.

If any marketers want to spend the other two of their five spare minutes learning a bit more about the GDPR, we also wrote a short article on the subject.

Read the full article >>

Disclaimer: GuestRevu is not a law firm, and the opinions and interpretations of the GDPR expressed in this Trend Digest should not be taken as legal advice. Rather, it should serve to help you gain a better understanding of the principles of respecting people’s data in the context of the hospitality industry. If you have any questions about how the GDPR should be applied to your particular business, we recommend that you consult an attorney.