Skip to main content

GDPR - What it means for you and your guests...

GDPR is coming

So what is GDPR (General Data Protection Regulation)? It's an EU regulation that becomes law on 25 May 2018 that aims to increase the data protection of all EU citizens. A whole industry has sprung up of GDPR "specialist" and there is now much media coverage. As usual there's much mis-information floating around not helped by ambiguities and deliberate vagueness of some parts of the GDPR regulations. So we think the specific understanding of GDPR will take some years to mature as authorities enforce and challenge companies compliance.

Practical Impacts

What does it mean for the hospitality industry and in particular the hotel sector? It means that hotel business must take steps to understand how they handle, store & process any personal information. That clearly includes personal information for guests and prospective guests. Even if you operate your business outside the EU but interact with EU citizens you need to take action. The EU and individual states have strong powers to impose fines for breaking the new regulations. 

What action do you need to take? First thing to do is understand what personal information you collect, how that is stored (electronically or physically in print outs etcs) and for what purpose the information is used. Document this process, nothing too formal, but enough to show you have done some analysis and can show what info you collect, how it is stored and what's used for.

If the personal information is only used for the purpose of processing a booking then there's no need for explicit consent for that data. However if you use the same information for other purposes such as emailed newsletter, marketing emails, sending special offers etc then you need to get opt-in consent from the guests first. 

Other considerations includes providing a guest the right to be forgotten and the right to access any data you have about them. This includes data stored in spreadsheets, word docs, printed invoices, etc. 

GDPR Roles

How does Guestbook 247 help me? First we need to understand the role Guestbook 247 has under GDPR and the role you as a property has. Like any PMS (Property Management System) or cloud application provider Guestbook 247 is the "data processor" whilst the property / hotel is the "data controller". Under GDPR both parties have responsibilities.

The guests are know as the "data subjects" under GDPR

What to look for from a PMS

Some areas and features the PMS (Property Management System) should cover are:
  • Document Overview  - Have a document (could be a webpage) giving details on how guest information is used, stored and protected in terms of security and encryption if required and in general a statement on GDPR compliance.
  • Consent - Support to obtain guest consent for use of their data. For the core business processes supporting a booking this is not required but for any other use of personal data such as newsletters, marketing emails then consent needs to be obtained. Guestbook will offer a number of user configurable consent options that will get shown to guests during the a booking or enquiry request. 
  • Transparency - as the data controller you must be open, transparent and explicit about what data you collect, how it's used and how long it retained for. 
  • Data Retention: Personal Identifiable Information (PII) should only be kept longer enough for the purpose of fulfilling a booking. Though keep in mind other local state rules and regs may mean you need to keep personal guest info for a period after the booking has completed. Guestbook 247 will offer the ability to anomalize or delete guest information. 
  • Pseudonymisation - that's a big word. Basically means how is personal data encrypted, tokenized or anomalized when used for non core business transactions. For instance if booking data is retained for long periods for analytics or reporting purposes then it's reasonable to anonymize the personal information (guest names, email, contact details). Guestbook will be releasing further details on this shortly.  
  • Right of Access - a guest has the right to know what information you have about them and how that is used. Guestbook will make it very easy to output all guest related information in a form that can be emailed, printed or shared by other means with a guest.
  • Right to Erasure - also known as right to be forgotten.  A guests has the right to request all personal information you hold is erased. Guestbook will make this a simple task. 
Remember that Guestbook 247 or  any other Property Management Systems can not in themselves make you as the Data Controller GDPR compliant. You must conduct your review and put into place appropriate measures. Guestbook 247 aims to be compliant as it's role as your Data Processor of bookings, guest and related information you provide. 



Useful Links

  • UK's Information Commission Officer ICO - the UK body the will enforce GDPR provides lots of information and guidance tools. https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
  • Wikipedia https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
  • From ITPro http://www.itpro.co.uk/it-legislation/27814/what-is-gdpr-everything-you-need-to-know

Other Data Outside Guestbook / PMS to consider

  1. Employee's personal information that you record and stored. 
  2. Guests or employee info you have via email
  3. Hard copy / printed information

UK And Brexit

To be clear Guestbook 247 is primarily a UK business entity. GDPR comes into force 25th May 2018, the UK is still a member of the EU at this stage so GDPR applies. Post Brexit the UK will encompass GDPR within an updated Data Protection Bill, so once again GDPR will continue to apply post Brexit. Even if GDPR is not made into UK law post Brexit then GDPR still applies to any company handling personal information of EU citizens, which Guestbook 247 does, so again we will ensure Guestbook 247 is and remains GDPR compliant.  For more information about the Data Protection Bill 2017 see here https://www.gov.uk/government/collections/data-protection-bill-2017

Try it out with a free 30 day trial guestbook247.com

Comments

Popular posts from this blog

Advanced Payment and Deposit Tax Invoicing

Did You Know? UK and EU VAT / Sales Tax rules mean that when you take a deposit or advanced payment for services, such as a stay in your property, that creates a tax point. This means you need to report the payment in the current VAT period and produce an invoice detailing the tax allocation. This can be quite complex, error prone and time consuming process.  Even more so if you have to deal with different Tax Rates for different invoice items. More information from HMRC https://www.gov.uk/guidance/vat-instalments-deposits-credit-sales
Example You take a booking in April for 1 room, 2 guests with breakfast for 5 nights starting in November at £630 and right now you take 50% deposit of £315. A tax point has been created and you need to report the receipt of £315 on your current VAT return and issue an invoice to the guest. 
Lets assume this is the breakdown of the chargeable services: room rate : £96 * 5 = £480 (gross, inc VAT)breakfast : £15 * 10 = £150 (gross, inc VAT) How do you all…

The Importance of Notes

There's always something extra you want to note down about a booking, maybe a guest has specific dietary requirements, wants a car hire arranged, is arriving at an unusual time. Well the Guestbook note feature makes it easy to add a bit extra info to a booking.

Sometime it's the little things that have the greatest impact. In this case a little yellow dot on the availability calendar. Not all notes are born equal, in some cases we want to mark a note as important.

Adding an important note to the booking will activate the magic yellow dot on the availability calendar.  Not only is this a great visual reminder but hover the mouse over the booking on the calendar and see the note pop-up. Hopefully you won't miss that little special something to keep the guest happy.

From the booking edit page click the Add Note button and ensure the Important Note checkbox i ticked. Then when that booking is visible on the availability calendar
you'll see yellow dot.


Making Invoicing Even Easier

Base Rate Templates. With the recent release of Guestbook 247 Kaprun invoicing has just become even easier. We've worked to make it simple to split a booking base rate into one or more invoice lines. So for instance if a booking base rate includes a room rate and breakfast fee attracting different tax rates you can now define this once in a base rate template and apply it to selected bookings. Guestbook will generate an invoice containing separate lines for the room rate and breakfast. The template can define a mix of invoice items with fixed or percentage based amounts.
Guestbook 247 will take care of allocating the base rate across the different invoice categories and tax rates. So taking our bed and breakfast example the template rules would look like: breakfast €15 inc 12% tax per nightroom rate 100% of unallocated base rate (after breakfast amount) inc 15% tax per night You can define multiple base rate templates to cover different requirements and set one to be a default. Th…