www.qhotelservices.com - kris @ qhotelservices.com

TEL +32 473 95 00 24

privacy policy

GDPR Advice for the Hospitality sector

In April 2016, the European Parliament adopted a new standard to improve data protection for individuals within the European Union (EU). Hotels face strict fines for not complying with the standards set by the General Data Protection Regulation, which provides greater predictability and efficiency for organizations that do business in the EU and offers guests increased data protection rights.

GDPR does not only apply to EU domestic business, but to ANY HOTEL worldwide providing rooms and services to European citizens.

The GDPR regulations take effect on May 25th, 2018.

Home page of the EU GDPR.

A one-day assessment
is usually enough to get you
to a minimum
compliance level

How can a hotel prepare in 13 steps:

1) Create awareness in the hotel.
2) Create a “register of processing activities” - this is mandatory !
3) Communicate to your guests about your new privacy rules - are these rules on your webpages ?
4) Guests rights
5) Guest access requests - prepare for the various questions you can expect
6) Lawful basis for processing guest data
7) Guest consent - can you capture consent ? what if a guests wants to withdraw this ...
8)  Children, they have special rights ...
9) Data breaches or theft, and what to do ...
10) Data protection by design, and Data Protection Impact assessments
11) The Data Protection Officer... required or not ...
12) International and Group Hotels, what with overseas data transfers ...
13) Existing Contracts - do they contain the necessary clauses

Where to start ?

1) Download the full paper, explaining the 13 steps in detail

2) Download the GDPR checklist "Am I ready for GDPR"

3) Sign up to receive updates

An update of the "13-steps-whitepaper" is in the making.

To receive the update, make sure to leave us your details.

4) We can assist you with various preparations, such as

  • Discovery phase to find out what needs to be done at your property

  • Creation of GDPR Logbook / Register of processing activities / Register of contracts / Risk register, and various others

  • Procedures for Data Lifecycle management / Incident response planning / Inquiry management / breach reporting

  • Assistance with creation of your website privacy policy

  • Incident response plan

  • and many more. Contact us for further details.

We have customers from various EU countries.

We can assist remotely, in many cases a visit is not required.

CONTACT us for details.