GDPR in the EU and UK: AETHOS' 3 Steps for Complying with Employer Responsibilities
GDPR in the EU and UK: AETHOS' 3 Steps for Complying with Employer Responsibilities — By Chris Mumford

AETHOS Consulting Group · 6 Apr

GDPR. Four letters of the alphabet that are proving to represent one of the biggest challenges facing businesses in 2018. The General Data Protection Regulation (GDPR) comes into effect on 25th May across the European Union, including the UK, and impacts any organisation that operates within the EU that processes data of EU citizens wherever they may be in the world. How organisations hold, store and process personal data will now be subject to higher and more consistent scrutiny - with potentially significant penalty for non-compliance. AETHOS Consulting Group's London Managing Director Chris Mumford emphasizes that much attention is already given to how customer data is handled under GDPR, especially in the hospitality sector where hotels process a high volume of personal information and payment data. "GDPR not only impacts how a business interacts with its external customers but also how it manages data internally with regard to its employees. In an industry such as hospitality where the labour force is so often highly diverse and comprised of multiple nationalities, most organisations will be affected by GDPR."

Are You Ready for GDPR? [Infographic]
Are You Ready for GDPR? [Infographic]

MarketingProfs · 29 Mar

The EU's General Data Protection Regulation (GDPR) is set to go into effect on May 25. It will dramatically change current data privacy laws througho

Hospitality Talk (UK) - Episode 2 - GDPR and Amazon Alexa
Hospitality Talk (UK) - Episode 2 - GDPR and Amazon Alexa

Chocolate Pillow · 26 Mar

IT’S HERE…… Hospitality Talk Episode 2 – I know I said in some social media posts I would likely talk mergers and acquisitions and also hospitality a

What GDPR Means for Marketers [Infographic]
What GDPR Means for Marketers [Infographic]

MarketingProfs · 26 Mar

Half of UK and US marketers say the European Union’s new General Data Protection Regulation (GDPR) law will make their marketing efforts more difficu

GDPR, the New Regulation for Personal Data in 2018
GDPR, the New Regulation for Personal Data in 2018 — By Harvey Norman

HospitalityTechGuru · 26 Mar

GDPR is designed to give people better control over their personal data, so important question is does your hotel and management software comply with the recent GDPR rules?

Concilio Labs CEO Terri Miller Talks About the Impact of GDPR on Hotels and Their Guests
Concilio Labs CEO Terri Miller Talks About the Impact of GDPR on Hotels and Their Guests — By Terri Miller

Concilio Labs, Inc. · 15 Mar

Recognized as an industry expert on hospitality technology, eCommerce, and business intelligence, Terri Miller, CEO and co-founder of Concilio Labs, discusses the impending European General Data Protection Regulation (GPDR) and what that means for hoteliers.

Getting Ready For The GDPR: What Hoteliers Need To Know
Getting Ready For The GDPR: What Hoteliers Need To Know — By Alex Shashou

ALICE · 15 Mar

ALICE has been working hard to fully understand the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and its obligations on us and our customers. We'd like to share what we've learned in order to help hoteliers and anyone else who has to figure out what is going on.

What CMOs Need to Know About the Looming General Data Protection Regulation (GDPR)
What CMOs Need to Know About the Looming General Data Protection Regulation (GDPR)

MarketingProfs · 13 Mar

The countdown is on: Only two months are left for companies to ensure they are in compliance with the European Union's General Data Protection Regula

GDPR and the hospitality space: What you need to know
GDPR and the hospitality space: What you need to know Featured Articles · 7 Mar

For Europeans who travel abroad, the United States remains a popular destination, which is great news for domestic hotel and resort owners. But booki

The GDPR (DSGVO) Countdown is On
The GDPR (DSGVO) Countdown is On — By Michael Toedt, Robert Selk

Toedt, Dr. Selk & Coll. GmbH · 16 Feb

The GDPR (General Data Protection Regulation) is about to become effective and it is time now for the hospitality industry to become aware of this topic. The GDPR is considered the big bang for data protection. The new regulation will take effect on May 25, 2018after a 2-year transition period. As of this date, all data protection regulations currently valid across the 28 countries of the European Union will be replaced by this new regulation, making the 28 different local data protection regulations disappear. With the GDPR data protection will be Europeanized.

The key trends shaping the hospitality industry in 2018
The key trends shaping the hospitality industry in 2018 — By John Seaton

Cendyn™ · 14 Dec

In your opinion, what are the top three trends that hoteliers should be aware of going into 2018?The evolving nature of the guest experience and keeping up with guests' needs and expectations is a huge focus for the hospitality industry. For a hotel, managing the customer relationship is one of the most critical elements of gaining and increasing loyalty, and yet can be the most difficult for hotels to master, as customers interact with them via a burgeoning number of contact points: email, mobile, social media, at the front desk and throughout the hotel property. Never before has technology played a more important role in improving what is ultimately the human experience of hospitality, both in terms of curating and providing it, but also in the way that customers express their gratitude for that experience in the form of loyalty. Secondly, understanding the capabilities of artificial intelligence (AI) and how that can focus and positively affect the interaction between the guest experience and the hotel. The focus for technology companies serving the hospitality industry is to enable hotels to communicate more effectively with their guests so that they are able to deliver the right message to the right person, at the right time and importantly through the right channel for that guest. With GDPR coming into effect in May 2018, never before has it been so important for hotels to ensure their communication with the guest is relevant and the data they store about a guest is compliant with these new regulations. Lastly, a key focus is personalization. Technology companies will need to work more closely together for the benefit of mutual customers to enable personalization between the hotel and their guests. Customer relationship management (CRM) is no longer just a tool for the sales and marketing departments, CRM is a tool that benefits the operations, revenue management, and distribution departments as well. Because of this, hotels are looking to integrate CRM with their other technology vendors as well, bringing the various data sources into one central place to create a single version of truth about that guest. This enables greater personalized communication between the hotel and the guest. For example, integrating a CRM to a revenue management system has enabled our customers to now offer personalized pricing based on the guests' profile including the recency, frequency and monetary value of that guest to the hotel.2. What is the biggest challenge the hospitality industry is facing? One of the biggest challenges, and opportunities, is how small our planet has become and ultimately how that has made travel easier and more accessible than ever before. This challenge opens up a wealth of opportunity but every culture and guests' needs are different. The industry needs to be mindful of this when managing travel and guest experiences on such a scale. Combine this need with the GDPR regulations coming into effect in 2018, it is imperative that hotels are working with CRM solution providers to ensure the guest profile data is accurate, communication is effective and profile data is managed in compliance with the new regulations.3. In the next 5 years, what role do you see Cendyn playing in the hospitality industry?CRM has become front of mind for hoteliers across the globe. Not just because of its ability to process data and provide a clear, digestible view of that data, but because it is the only way to process data from multiple technology platforms within a hotel and then provide a single version of truth for every guest. This has become imperative for hoteliers who want to provide a truly personalized experience, drive loyalty to their brand and stay competitive. In the next five years, this will become even more apparent as guests become savvier and demand more from their travel experiences. For hoteliers to stay ahead of the curve, we've seen that using data to pave the way in how hoteliers communicate with their guests has revolutionized how they can learn more about guests' interactions, drive direct bookings, maintain brand presence with their most valuable guests and stay competitive in their market. Our continued investment enables hoteliers to keep their guests at the forefront of what they do, and concentrate on providing exceptional, personalized customer service at all times. And as AI becomes more of the norm, hoteliers will need to embrace the ability to use machines/technology to aggregate information and learn from data to provide a seamless experience for every guest.

Personal data, privacy and identity
Personal data, privacy and identity — By Alvaro Hidalgo

HFTP · 21 Nov

The collection of personal data is inherent to the hotel industry; it is what allows us to tailor guest experiences, market our hotels effectively, and foster long-term loyalty. The EU’s General Data Protection Regulation (GDPR) will come into force soon, and it has the potential of turning all of this, and more, on its head. Alvaro Hidalgo walks us through the enormous challenges, and even posits a solution.

Are you keeping your guests' personal data safe? Interview with Alan D. Meneghetti
Are you keeping your guests' personal data safe? Interview with Alan D. Meneghetti — By Sarah Came

GuestRevu · 23 Oct

Modern technology allows businesses to easily collect, store and use vast amounts of personal data about their customers. In the hospitality industry, hotels can use this powerful data to enhance, streamline and personalise guest experiences. However, with great power comes great responsibility, and hospitality businesses need to ensure that they handle their data responsibly.

133 | GDPR Compliance with HFTP COO Lucinda Hart
133 | GDPR Compliance with HFTP COO Lucinda Hart

The Lodging Leaders Podcast: Powerful Business Strategies for Hotel Professionals · 11 Oct

Lucinda Hart, CAE, MBA, has over 22 years of association management and customer service experience in the areas of human resources, certification, m

GDPR – Advice for the Hospitality sector
GDPR – Advice for the Hospitality sector — By Kris Troukens, PMP

Quality Hotel Services · 13 Sep

GDPR, what is it, and is it important to the Hospitality Sector?The General Data Protection Regulations (GDPR) is a major overhaul of the EU data protection law. It comes into force on May 25th, 2018. It requires any business (including hospitality industry businesses) that handles personal data of a EU citizen to have adequate measures in place. What is meant by "adequate measures"?By "adequate measures" they mean data should be properly protected, and any theft or misuse of this data cannot occur. The EU citizen (the guest) also has specific rights on the data that you are holding about him. (see below) Does GDPR only apply within the European Union?No, it applies to data stored on EU citizens, wherever they are staying around the world. This impacts the entire hospitality sector, worldwide. What if I am not compliant?If a EU citizen files a complaint, the hotel may face some hefty fines. The maximum fine is set to 20 million Euros, or 4% of the annual global turnover (whichever is the greater). HOW TO PREPARE in 13 STEPS There are several steps that the hotel can take to properly prepare for GDPR. Some of them may already be in place. They are listed below. 1) Create awareness in the hotel. Buy-in of the hotel management team is also essential. There may be changes in procedures or systems, so all managers should be aware of GDPR, fully understand it, and be able to understand the impact on their department. 2) Create a "data-register" You should be documenting which information you are holding, where it is stored, where it comes from, whom you are sharing it with, and if the guest has given his consent to you collecting all this data. This "data-register" will map all your data streams. All processing steps should be recorded, and this may require the compilation or review of existing policies and procedures. 3) Communicate to your guests about your new privacy rules Make sure you ask the guest for his agreement on giving you all required data, and document that agreement. This could be easily done on the registration card, or when checking-in on line. Adapt your legal statements and customer agreements to the new legislation. You will need to disclose for which purpose(s) you intend to collect data, and how long you will be keeping it. 4) Guests rights The European guest has several rights, and you need to ensure he can exercise his rights, which include: The right of access to his data The right to rectification The right to erase The right to restrict processing The right to transfer his data to another party The right to object The right not to be included in automated marketing initiatives or profiling Many of those rights may already be in existence today. 5) Guest access requests You will need to be ready to handle a guest request coming in about his rights. You are not allowed to charge for this service, and you have a maximum of 1 month to provide an answer. If you refuse a request, you must inform the guests about your reasons, and provide any details about the Privacy Commission and the name and contact details of your DPO (Data Protection Officer, more on this below), so that the guest understands how to file a complaint. 6) Lawful basis for processing guest data While the hotel is collecting data, it can only do so if there is a lawful reason. You need to review and ensure all questions you are asking (on registration cards, online forms etc…) are absolutely required for you to process the guest. As an example, the departure date of a guest is a required piece of data. However, asking for the guest's birthday may be more difficult to justify. 7) Guest consent It is important to review how you are obtaining, and recording the guest consent. He may be arriving via a travel agent, via a telephone reservation, or it may be a walk-in. All these cases need to be considered. At all times, there must be a clear "opt-in" given by the guests. There cannot be any pre-ticked boxes where the guest agrees to give his data; opting in is never by default. Also consider how you will handle the case of a guest who withdraws his consent. 8) Children There's an additional consideration for children under 16. Authorisaton to process a minor's data should be obtained from their parents or responsible adult. The hotel needs to prepare for this scenario. 9) Data breaches or theft The hotel should be ready to detect, and remedy any data theft concerning personal data. The data register should be able to provide insight into which pieces of data are concerned. Any incident should be reported within 72hrs to the Privacy Commission, for all cases where there is a risk that guest data may have been compromised. By extension, this implies your network and storage systems should be up-to-date with the latest intrusion detection programs and should have successfully passed penetration testing. 10) Data protection by design, and Data Protection Impact assessments For any new systems or major changes, it would be wise to keep the "Data protection by Design" in mind. Indeed, when discussing requirements for a new tool or procedure, you can already include the data protection principles, right from the design stage. An Impact Assessment is required when major new technology is introduced, or significant upgrades are taking place on systems which contain personal data. 11) The Data Protection Officer Within your hotel or company someone should be tasked to become the Data Protection Officer (DPO). Make sure this is someone who knows and understands the importance of personal data processing. This can very well be an additional task for an existing employee or manager. It is mandatory to appoint a DPO when you are handling large volumes of personal data records, such as medical or criminal records. In a hotel, large amounts of credit card details are processed, so it is eminently sensible to have a DPO in place. The DPO should always understand and be aware of all data flows in the hotel, and he should ensure that he has an updated data register at all times, in case any queries arise. The name of the DPO should be mentioned on all privacy statements on any media. When filing a complaint, the guest will reference the DPO by name. 12) International and Group Hotels If you are an independent hotel, this point does not apply. For hotels with multiple properties, or in multiple EU countries, it is important to align the procedures, and to identify who is taking the lead (presumably the country or regional office) for the coordinated GDPR efforts. If you are present in multiple EU countries, it is required to identify a "main establishment", and also the country lead supervisory authority. 13) Existing Contracts It is likely that for the processing of your data you are assisted by third parties or subcontractors. Make sure you are aware of who they are, and what your current contractual obligations are. It would also be an excellent opportunity to review these contracts to include any GDPR related aspects and ensuring the contractor is aware of his obligations under GDPR and that services or systems help you meet your GDR requirements. MORE FAQ'S Who is overseeing the introduction of these new regulations?Every country has one central organisation to oversee the introduction of the new regulation. For Belgium this is the "Privacy Commission" ( Any queries or complaints from guests will be addressed to them. Who is responsible?Ultimately it is you, the hotelier who is responsible. So, if any of the above points fail, and a guest files a complaint with the country authority, it will be addressed to you, and you will have to justify your actions to the Privacy Commission. What if I need assistance? Quality Hotel services can help you in several ways: Compile a comprehensive awareness campaign, tailored to your property Set up a "data-register" for you, or provide you with a workable template Making sure the necessary "consent" statements are included on all printed and electronic media where you collect guest data Recommend processes on how to obtain consent from guests, and children Ensuring your network and data storage devices are 100% safe and protected Design an "Impact Assessment Analysis" template document Compiling the job description and procedure manual for a DPO Compiling your "Data" supplier list, and reviewing/suggesting contractual amendments

My data, my privacy
My data, my privacy Featured Articles · 8 Sep

The future is full of revenue opportunities for hoteliers who try to monetize their guests’ data, but from the guest perspective, it may seem akin to