Choosing Hospitality Technology in a Post-GDPR World

Alison Guillot

How to choose the right hospitality technology in a post-GDPR world?

How to choose the right hospitality technology in a post-GDPR world?

Keep your data safe with technology providers you can trust

Before we dive in, be sure to visit our ultimate guide to hotel marketing to access an all-encompassing rundown of hotel marketing trends, data points, and insights.

As times passes under the General Data Protection Regulation, better known as GDPR, we’re beginning to see the true cost associated with the strict laws protecting the collection and use of European consumer data. Violations have cost companies millions in fines since the launch of GDPR in May 2018. Complaints about potential data breaches surged 160% from May to July 2018 alone, compared to the same period the previous year.

In the age of personalization, data protection laws such as GDPR are a juggling act for the hospitality industry. The collection of consumer data is critical for organizations to build loyalty among guests and understand their behavior and preferences. The insight companies collect is then used to craft everything from their marketing strategies, to business operations, and brand promise.

Any hospitality professional can tell you how costly a data breach can be in terms of direct losses and damage to reputation; GDPR introduces even more liability through fines that can be imposed on companies that suffer a data breach. As a result, companies should have clear policies about how personal data is processed, including policies about data management, staff training, restricting system access to employees on a need to know basis, and reviewing other internal processes. But a property’s first line of defense against a cyber-attack are their technology providers.

So what are software companies doing to ease concerns? Here are the 4 best questions to ask your current and future technology partners to determine where you can entrust your data.

Has your company been fined for non-GDPR compliance?

If the answer is yes, that’s a huge red flag that an IT provider may not have the experience or infrastructure to support the size or goals of your business. You need to choose a provider that provides sufficient guarantees about how they process personal data. Evaluate the risks to help you make a decision.

What experience do you have with data security and what resources do you have to address it?

Working with an experienced IT provider is well worth the investment when you consider the flip side of the equation – facing a steep fine associated with GDPR or even worse – a costly data breach that impacts the reputation of your business. Choose a highly respected and veteran IT provider in the hospitality industry to kick off conversations around data security. You’ll find they have dedicated security teams and high standards of service compared to smaller companies or startups.

Does your software operate on-premise or in the cloud?

As hospitality technology continues its major shift from on-premise to cloud-native architecture, IT providers have to ensure additional firewalls are in place so properties still have the convenience of accessing data anytime, anywhere, without having to worry about a leak or unauthorized access.

How can you guarantee your software enables you to comply with GDPR?

This question invites a deep-dive conversation around what improvements a provider can bring to your software ecosystem, as well as their processes for implementation. Anytime you integrate new solutions, you’ll want a technology partner that invests time in analyzing system security and can ensure modern solutions.

But just don’t take their word for it. Investigate and ask questions about how the company helps its customers to comply with GDPR, including information about corporate standards and the development process.  Ask for product transparency reports so that you have clear information about how solutions process personal data so there are no surprises when it comes to deployment time. Doing your homework on current and future IT providers will pay off in the long run by reducing the risk of data breaches (including the unnecessary stress that such incidents can cause).


At the end of the day, security is everyone’s responsibility. Although GDPR brings heightened awareness on the use of consumer data, having secure systems is good practice for every company and shouldn’t be taken for granted. Keep your company out of the headlines by performing regular checkups on internal systems and employee practices, and reviewing your third-party vendors.

As the hospitality industry continues to find new ways to collect and learn from guest data, everyone from staff to technology providers have to remain committed to data protection to ensure data is processed correctly and adequately protected.


For more reading on data security, check out our blog, “Data Security: What You Need to Know About it, and How to Act Now.”


Do you have questions about how Amadeus is handling GDPR? Click here for more information, or contact us to learn more about our specific products.