From 25th May 2018 the General Data Protection Regulation (GDPR) law comes into effect, meaning all data applications will have to be adapted to the new legal situation by then. The aim is to increase protections around the processing of personal data.
GDPR for accomodation providers?
All companies that process personal information (PI) are affected by this new regulation. Personal information includes: name, address, IP address or location information. So as a landlord this applies to you, as you will process personal guest information in the recording of guest details and processing booking confirmations and in your accounts.
Am I affected by the GDPR as a private accomodation provider?
As soon as data processing relates to economic activities, GDPR is effective. As a private landlord, you are therefore concerned when processing personal information in an organized and orderly manner. As an example, even storing business cards in a carousel or A-Z binder makes this true.
What do I have to do?
The General Data Protection Regulation covers the type of guest information you can collect, and the methods by which you can process it. Guests have the right to see what information you store about them, and they also have the right to tell you to correct or delete data.
There are certain principles that must be followed when dealing with guest data. The following points, also called “information obligations and data subjects” are particularly relevant for you. However, a complete catalog of measures must be developed individually by a specialized legal advisor. (Further links at the end of the blog entry):
- Purpose limitation: When you collect data, this may only be done for a clear and legitimate purpose. The storage and processing of the data must not exceed this. That means: for each purpose there are separate storage obligations and deadlines.
- Data minimization: The collection of data must be appropriate to the purpose and be limited to the minimum extent necessary – the recording of second or third party phone numbers in contact forms, for example, is not allowed if this cannot be justified.
- Right to information: For you as a landlord, there is a duty to provide information – your guests have the right to know what data they have stored about them and they can demand that this be edited, rectified or deleted. If your guest, Mr. Smith, asks you to delete his data, you must be able to destroy all the information stored about him in your guest administration, your mailbox or your notebook and confirm that you have deleted it.
As accommodation provider, you are also required to keep a record of data processing activities, as well as documentation to demonstrate your GDPR processes.
One thing is for certain: your processes relating to data collection and data processing must be analyzed and adapted to ensure you are operating in line with the GDPR rules – both for online and offline storage and processing of personal information. This is complex and brings with it some inconvenience. But we have good news for you: we can support you in some of the work!
GDPR compliant rental with easybooking
With JULIA we offer you a complete solution for your rental – from the online enquiry and the direct booking via your website, to the reservation management in the web-based room plan and automated guest communication. Our systems have been analysed and adapted to be GDPR compliant in time for the 25th May 2018 deadline:
- We will get from you as a landlord a contract of data processing for cooperation with easybooking
- We provide GDPR compliant enquiry & booking forms for your website
- The provided contact forms collect only the most necessary guest data
- The contact forms provided contain GDPR compliant checkboxes confirming the General Terms and Conditions (GTC), consent to data processing, and offer optional sign-up to your newsletter mailing list.
- We equip your easybooking integrated website with privacy statements and terms
- We guarantee a GDPR compliant option for deleting guest data from your guest database
- With easybooking, we can help with part of your day-to-day requirements as a landlord, and assist you in the implementation of some obligations. But that is not enough, because:
Its a lot to do!
The General Data Protection Regulation covers a complex, and above all, extensive topic that goes far beyond your website or easybooking. As a landlord you should ensure that you have become informed on the subject and adapted your processes to deal with it, to give yourself peace of mind!
For Austrian accommodation providers the WKO provides information and explanations online:
- Austrian Data Protection Adaptation Act: Data Protection Adaptation Act 2018 for the Implementation of the General Data Protection Regulation
- WKO Guide: Am I affected? https://www.wko.at/service/unternehmensfuehrung-finanzierung-foerderungen/eu-dsgvo-bin-ich-betroffen-faq.html
- WKO Checklist for GDPR: https://www.wko.at/service/wirtschaftsrecht-gewerberecht/EU-Datenschutz-Grundverordnung:-Checkliste.html
- Information on storage and retention periods: https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-speicher-und-aufbewahrungsfristen.html
For accommodation providers in the United Kingdom (UK):
- The Information Commissioner’s Office (ICO) is responsible for overseeing GDPR in the UK. Their website is a useful source of information generally for data protection: https://ico.org.uk/
- The ICO website has information about GDPR, including checklists to help you understand the changes you will need to make to become compliant: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
- For additional peace of mind we recommend that you consult a specialized legal advisor for detailed questions about GDPR in connection with your accommodation business.