EU General Data Protection Regulation (GDPR)

The GDPR (General Data Protection Regulation) seeks to create a data protection law framework across the European Union (EU) and provides EU citizens and their residents control over their personal data, while imposing strict rules on those hosting and processing this data, anywhere in the world. GDPR effective date is May 25, 2018.

Hotels are “Data Controllers”

Since hotel & lodging properties process personal data, they are data controllers and are subject to key obligations and potential liability. Data controllers determine the purposes, conditions and means of processing personal data. Additionally, a company (or person) which processes data for you is also subject to key obligations and potential liability.

Personal Data In all cases, personal data stored in an IT system, through video surveillance, or on paper is subject to the protection requirements set out in the GDPR. Examples of personal data include:

• Names, email, addresses, date of births, social security numbers, an identification card number, location data (GPS), internet user location, IP address, cookies, RFID tags, advertising identifier (mobile phones), health (HIPAA)/genetic/biometric data, racial and/or ethnic data, political opinions, sexual orientation, union membership

To review the full regulation document which this website is in compliance: