Three Considerations to Make While Preparing Your Hotel for GDPR

Alison Guillot

3 considerations to make while preparing your hotel for GDPR

3 considerations to make while preparing your hotel for GDPR

Before we dive in, be sure to visit our ultimate guide to hotel marketing to access an all-encompassing rundown of hotel marketing trends, data points, and insights.

The General Data Protection Regulation (GDPR) has impacted hotel industry practices worldwide. The controversial law aims to revolutionize data privacy across Europe, expanding rights for consumers, while mapping out strict new guidelines for businesses. The GDPR applies not only to European companies but to all companies processing European consumer data, making it the most far-reaching legislation of its kind in 20 years.

The law represents a major challenge for the hotel industry that thrives off personal data. Hotels frequently solicit feedback from customers before, during, and after their stay. Knowing what’s important to guests enables a property to deliver a more personalized experience, incentivize them into future stays, and ultimately win their loyalty.

[bctt tweet=”3 Considerations to Prepare Your Hotel for the GDPR compliance deadline of May 25, 2018.” username=”amadeushosp”]

But hotels may have to abandon this approach to meet the GDPR compliance deadline of May 25, 2018, or face fines upwards of €20 million. The time is now for hoteliers to adapt their communication practices as well as their technology. Just consider the range of sensitive guest information hotels collect and store in their systems, for example:

  • Central Reservation System: When a guest books a room, they have to supply all their contact information down to their address, phone number, and email.
  • Property Management System: When a guest checks in, they share photo ID and credit card details.
  • Guest Profile: Hotels may record other personal information like age, sex, disabilities, or accommodation preferences depending on the needs of the guest.

Speak to an Expert on PMS
Understand Your Technology

Evaluating software for GDPR compliance shouldn’t be overwhelming. Here are 3 important considerations to getting your hotel prepared:

  • Understand your technology: Map out your business to expose the types of personal data your property handles. Is your marketing and communications strategy already GDPR compliant? What about your systems, or do they require changes


  • Three Considerations Make Preparing Hotel GDPRAddress risks: Eliminate concerns about where and how your data is stored. Are you providing consumers an easy way to opt in and out of your communications? Is guest information secure from hackers? Look into the benefits of appointing a data protection officer to help you understand potential threats.



  • Lock on KeyboardUpdate processes: Make all the necessary updates to your hotel software and processes to ensure GDPR compliancy. Don’t forget to involve any third party vendors that might be impacted.



Adopting GDPR standards may even prove effective against data breaches. The industry has been plagued by a number of highly publicized breaches in recent years, the effects of which are far-reaching – sensitive customer data is leaked, chains lose millions in revenue, and their brand reputation suffers. We hope these 3 considerations to make while preparing your hotel for GDPR were useful for you. Hotels may be able to avoid this costly scenario as they examine their systems and implement improvements to comply with the new guidelines.

Learn More about Amadeus Central Reservation Systems (CRS)