DPR stands for ‘General Data Protection Regulation’. It’s an EU regulation coming into effect in May 2018, and concerns the protection of personal data and the rights individuals have to their information. Consumers will have greater control over the data organisations hold on them.

What Rights Do My Hotel Guests Have Under GDPR?

  • The right to be informed

You must be honest and clear with your guests about how you are using their data.

  • The right to erasure

Also known as ‘the right to be forgotten’, your guests have the right to request that their personal data is deleted or removed by the hotel, without having to give a reason why.

  • The right to data portability

This allows your guests to obtain and reuse their personal data for their own purposes, enabling your guests to take advantages of services which can use the data to find your guests a better deal.

  • The right to access

Your guests have the right to know exactly what information is held about them and how it is used.

  • The right to rectify

Your guests can ask to have their personal data corrected if it is inaccurate or incomplete

  • The right to restrict processing

Your guests have the right to block or suppress processing of their personal data – meaning that the hotel may store the data, but may not use it without the guest’s permission.

  • Rights of automated decision-making and profiling

The GDPR has put in place safeguards to protect your guests against the risk of a potentially damaging decision being made without human intervention.

  • The right to object

In certain circumstances, your guests are entitled to object to their personal data being used. This includes if a company uses personal data for the purpose of direct marketing, scientific and historical research, or for the performance of a task in the public interest.

So, My Guests…

  • …can withdraw their consent to provide personal data?

Yes. Your guests can always ask the hotel that holds their personal data to restrict or block the processing of their personal data.

  • …trust that their personal data is safe?

Yes. As the data controller, you (the hotel) manage your guest’s data, such as browsing information, visited sites, social media posts etc., according to the GDPR regulation

  • …can request a copy of the information a hotel holds about them?

Yes. If requested, as the data controller you must provide a copy of the personal data, free of charge, in an electronic format.

…have the right to be ‘forgotten’?

Yes. They have the right to ask the hotel to erase their personal data, cease further dissemination of the data, and have third parties halt processing of the data.

Since October 2016, Hoist Group has been intensively working to analyse, verify and improve its products on a path of discovery and compliancy with the new regulation. This was made possible thanks to a team of legal experts in data privacy, different teams of developers and Hoist Group’s IT department. These teams have been working constantly to ensure the best results, and will continue even after the regulation is in force as we strive to keep our customers a priority.