How to Prepare for GDPR

In case you haven't heard by now, GDPR is coming. What is it? The short answer is that GDPR stands for General Data Protection Regulation and is the European Union's privacy law around how personal data is collected and handled. For a longer answer, we encourage you to read this excellent article from Wired or for the complete breakdown the Wikipedia page is a helpful reference.

You're probably asking yourself "I'm a hotelier in the US, why should I be concerned with the EU's regulations?" Great question! The EU's regulations apply anywhere an EU citizen does business. That means if an EU citizen books your hotel online or stays at your hotel, you are held to the GDPR standards.

GDPR is a serious issue and per Article 28 your property is considered a “data controller” and your vendors are “data processors”. GDPR stipulates that responsibility for compliance fall on the “data controllers”. What this means is you should work with the appropriate people at your property and your legal team to understand and evaluate your exposure, including working to understand any vendors you are currently using that capture consumer data. For example this would include your PMS, CRS and CRM providers.  

As a data processor working on your behalf, it is required that we have an agreement stipulating the nature of the data use and identifying us as a authorized data processor for your organization.  We will be sending you a simple addendum to your existing agreement in the near future for your review. This will not change any fees or services currently being offered to you by GCommerce.

Here are several key steps we believe are important to consider to prepare your property for the implementation of GDPR:  

Call your account executive for specific recommendations for your property or contact us via the form below.

Contact Us