The GDPR was implemented last year and every company it applied to should have been fully compliant by then, said Finn Schulz, principal at Schulz Consulting, an independent technology consultancy in the EU.
"The (U.S.) hotel industry more looked at it as a starting point," he said. "Slowly, surely, they're getting the processes in place."
Because it was clear that the GDPR would apply to European hotels, European hoteliers are much further ahead in being compliant with the data privacy law, said Sandy Garfinkel, attorney at Eckert Seamans and chairman of the firm's data security and privacy group. The U.S. hotel industry has been a mixed bag, with many companies conducting an analysis to determine whether they would need to comply with the GDPR. There was some resistance to the idea, he said.