Insights on GDPR

28th February 2018

When it comes to your hotel property, management of your clients’ data is going to be one of this year’s main focuses.

In hotel management, information about your guests is obtained, dealt with and held on a daily basis. However, from May 2018, a new regulation will come in place to protect people’s data. As a hotel, you need to ensure that your processes are compliant in time. The marketing team at M&T Hotel Management is exploring GDPR, who it’s aimed at and how it will impact your hotel.


What’s GDPR?

GDPR (General Data Protection Regulation) is a European regulation that has been in the works for the past 4 years. Aiming to synchronize the management of data across the EU, it will ultimately protect European citizens’ data privacy. GDPR will come into effect on the 25th May 2018 – it is both a continuation and a replacement of the 1995 Data Protection directive as it aims to move along legislation thanks to its advanced objectives.

GDPR covers a whole range of personal and sensitive data. Information such as names, addresses, economic and cultural data, as well as IP addresses, will be affected. It’s important to remember that GDPR focuses on people’s consent for their data to be used, and granting them access to their private information that is held by businesses. Put simply, consumers will have the power to access, correct, delete, and transfer personal data.

Who is GDPR aimed at?

Anyone who controls how data is handled (this could be any organisation, in this case your hotel) and data processors who process the data (this could be a third-party company obtaining, recording or holding data on their behalf) needs to be aware of GDPR.

The regulation applies to all companies dealing with data from EU residents, regardless of whether the companies are based in the EU or not. Any data transactions made in EU countries are also included, so this throws up the very valid question of how Brexit will affect GDPR. Companies in the UK still need to comply with GDPR as by the time it comes into effect, the UK will still be a member of the EU – legislation will start on 25th May 2018 and Article 50 meant that the UK will leave the EU by 30th March 2019.

What does it mean for hotels?

Hotels need to make sure that they are compliant with data protection principles by the 25th of May 2018. Failure to so will result in breaches and heavy fines. The easiest way to navigate this new legislation it to do the following:

  • Identify what data you are holding and where it is held. You need to be able to protect it – this also includes confidential information related to payments by cards.
  • Offer transparency and clarity to your guests. Explain to your guests how you will use their data – after all, guest’s consent will be a main focus of GDPR. For example, a guest signing up for a newsletter. This should be an action taken by the online visitor on the website instead of an automatic action as a result of a purchase or an online enquiry.

As guests will now be able to request access, modify, object, block or remove the personal data held on file by your hotel, you need to have processes in place to facilitate their requests. The sooner your team is aware of GDPR, the smoother the transition of your practices will be when it comes into effect.


 “GDPR has been the talk of the town for several months now. We are ensuring that our hotels are aware of the new regulations and understand the processes implied. The 25th of May is not that far away anymore, and we need to make sure that the hotels are compliant by this date to avoid any breach.”

Nicole Feldman, Head of Marketing


M&T Hotel Management is one of the most renowned hotel property management companies in the UK. For more information about our services or to discuss GDPR in more detail call us on 020 8905 2500 or contact us directly.