Skip to main content

GDPR - What it means for you and your guests...

GDPR is coming

So what is GDPR (General Data Protection Regulation)? It's an EU regulation that becomes law on 25 May 2018 that aims to increase the data protection of all EU citizens. A whole industry has sprung up of GDPR "specialist" and there is now much media coverage. As usual there's much mis-information floating around not helped by ambiguities and deliberate vagueness of some parts of the GDPR regulations. So we think the specific understanding of GDPR will take some years to mature as authorities enforce and challenge companies compliance.

Practical Impacts

What does it mean for the hospitality industry and in particular the hotel sector? It means that hotel business must take steps to understand how they handle, store & process any personal information. That clearly includes personal information for guests and prospective guests. Even if you operate your business outside the EU but interact with EU citizens you need to take action. The EU and individual states have strong powers to impose fines for breaking the new regulations. 

What action do you need to take? First thing to do is understand what personal information you collect, how that is stored (electronically or physically in print outs etcs) and for what purpose the information is used. Document this process, nothing too formal, but enough to show you have done some analysis and can show what info you collect, how it is stored and what's used for.

If the personal information is only used for the purpose of processing a booking then there's no need for explicit consent for that data. However if you use the same information for other purposes such as emailed newsletter, marketing emails, sending special offers etc then you need to get opt-in consent from the guests first. 

Other considerations includes providing a guest the right to be forgotten and the right to access any data you have about them. This includes data stored in spreadsheets, word docs, printed invoices, etc. 

GDPR Roles

How does Guestbook 247 help me? First we need to understand the role Guestbook 247 has under GDPR and the role you as a property has. Like any PMS (Property Management System) or cloud application provider Guestbook 247 is the "data processor" whilst the property / hotel is the "data controller". Under GDPR both parties have responsibilities.

The guests are know as the "data subjects" under GDPR

What to look for from a PMS

Some areas and features the PMS (Property Management System) should cover are:
  • Document Overview  - Have a document (could be a webpage) giving details on how guest information is used, stored and protected in terms of security and encryption if required and in general a statement on GDPR compliance.
  • Consent - Support to obtain guest consent for use of their data. For the core business processes supporting a booking this is not required but for any other use of personal data such as newsletters, marketing emails then consent needs to be obtained. Guestbook will offer a number of user configurable consent options that will get shown to guests during the a booking or enquiry request. 
  • Transparency - as the data controller you must be open, transparent and explicit about what data you collect, how it's used and how long it retained for. 
  • Data Retention: Personal Identifiable Information (PII) should only be kept longer enough for the purpose of fulfilling a booking. Though keep in mind other local state rules and regs may mean you need to keep personal guest info for a period after the booking has completed. Guestbook 247 will offer the ability to anomalize or delete guest information. 
  • Pseudonymisation - that's a big word. Basically means how is personal data encrypted, tokenized or anomalized when used for non core business transactions. For instance if booking data is retained for long periods for analytics or reporting purposes then it's reasonable to anonymize the personal information (guest names, email, contact details). Guestbook will be releasing further details on this shortly.  
  • Right of Access - a guest has the right to know what information you have about them and how that is used. Guestbook will make it very easy to output all guest related information in a form that can be emailed, printed or shared by other means with a guest.
  • Right to Erasure - also known as right to be forgotten.  A guests has the right to request all personal information you hold is erased. Guestbook will make this a simple task. 
Remember that Guestbook 247 or  any other Property Management Systems can not in themselves make you as the Data Controller GDPR compliant. You must conduct your review and put into place appropriate measures. Guestbook 247 aims to be compliant as it's role as your Data Processor of bookings, guest and related information you provide. 

Useful Links

  • UK's Information Commission Officer ICO - the UK body the will enforce GDPR provides lots of information and guidance tools.
  • Wikipedia
  • From ITPro

Other Data Outside Guestbook / PMS to consider

  1. Employee's personal information that you record and stored. 
  2. Guests or employee info you have via email
  3. Hard copy / printed information

UK And Brexit

To be clear Guestbook 247 is primarily a UK business entity. GDPR comes into force 25th May 2018, the UK is still a member of the EU at this stage so GDPR applies. Post Brexit the UK will encompass GDPR within an updated Data Protection Bill, so once again GDPR will continue to apply post Brexit. Even if GDPR is not made into UK law post Brexit then GDPR still applies to any company handling personal information of EU citizens, which Guestbook 247 does, so again we will ensure Guestbook 247 is and remains GDPR compliant.  For more information about the Data Protection Bill 2017 see here

Try it out with a free 30 day trial


Popular posts from this blog

QuickBooks, VAT, MTD and online accounting

Get Linked, Save Time. We're pleased to announce Guestbook247 can now be linked to QuickBooks Online for UK based customers, providing seamless way to integrate your booking invoices direct to your online accounting solution. We believe this will save businesses significant time, reduce mistakes and for UK customers help meet Making Tax Digital (MTD) VAT compliance and ease changing VAT rates during these COVID times.  MTD VAT - What Is That? For UK VAT registered businesses from April 2019 Making Tax Digital (MTD) for VAT went live. This obligates VAT registered businesses with a turnover over £85,000 to keep digital records and to submit VAT returns online using an HMRC approved software, such as QuickBooks Online. Up until now you have been able to manually move data from your other business software solutions, such as Guestbook247, into your accounting software. However from April 2021 so called "copy and paste" of VAT related transaction data will no longer t

New Dashboard And Modern Look.

Lots Has Been Happening. We've been very busy with lots of exciting new features and have created a more modern and cleaner look for guestbook 247. Not just a new look but a much enhanced dashboard from which to see at a glance key info, bookings, availability and business insights. We hope the new look will make using and navigating guestbook more pleasant, easier and productive. The Dashboard.  The dashboard is your new Guestbook 247 home from where you can see and do most of your daily task and get easy insights on your business. The availability calendar sporting a new fresh look and improved navigation Key business metrics such as number of bookings and enquiries, rooms occupied  The Timeline shows your booking info for the  the most relevant bookings recent activity new enquires who's in and out Instant guest search based on name or email Booking source charts - see at a glance where your bookings are coming from, compare different time periods to spo