GDPR stands for General Data Protection Regulation. This is an EU regulation that was put in place, April 14, 2016. Following a two-year transition period, on May 25, 2018, the regulation came into effect. This mandate was created to strengthen transparency on how companies collect, store and share their customers’ and their employees’ data. This act affects any company that does business in the EU (domestic businesses as well as those that target goods and services to EU citizens).
Do I have to be compliant?
By law, you must be compliant if you do any business or target customers based in the European Union.
What can happen if I am not compliant with GDPR?
Businesses can face up to a 4% fine of their annual turnover or $24.6 million (€20 million), whichever is higher.
GDPR compliance with HyperGuest.
HyperGuets may process accommodation providers’ guest (consumer) data, so we must comply with the regulations of GDPR. We have a designated representative that oversees and guarantees that HyperGuest’s product and marketing efforts are cooperative.
Customer responsibilities
Accommodation providers / Travel Providers are considered as ‘data controllers’ under GDPR, which means you are to determine why and how you are processing data from the consumer. You must also make certain all vendors which are ‘data processors’ (eg. HyperGuest) comply with GDPR. HyperGuest allows you to run your business in compliance with GDPR, but there are still things you are required to do, including:
- Updating your privacy policy to notify customers about which data you are capturing, why you are processing the data, and who else will have access to the data.
- Signing the updated data processing (DPA) from HyperGuest and other technology providers.
- Evaluating all vendors to ensure that they are GDPR compliant. For proprietary systems, hotels must ensure that they are easily able to erase guest data upon request.
- Updating marketing to ensure that emails and mass communication are only sent to customers who have explicitly opted in to receive communication.
If you have any questions about HyperGuest’s GDPR compliance, please contact our data privacy officer, Moshik Kantor, at gdpr@hyperguest.com.