helpdesk: 365 days a year
from 8:00am to 8:00pm
GDPR for hotels and restaurants
On Friday, the new European privacy regulation, GDPR, came into force. To clarify what the new legislation entails, this article sets out the responsibilities of hotel and restaurant managers and the security measures required to protect data in digital format.
What are the responsibilities of hotel and restaurant managers?
The hotel or restaurant manager (Data Controller) is the one who manages guest data: it is his responsibility to ensure confidentiality and act in compliance with GDPR by activating all parameters within the software that allow proper handling of guests’ data. Management must also be able to demonstrate that it has adopted all technical and organizational measures necessary to be in line with the principles of the new regulation.
What are the responsibilities of the software producer?
The software provider (Data Processor) is the company providing the PMS, the tool with which data is collected and managed. The legislation requires that software complies with the GDPR “by design” and “by default”, meaning that in the development phase new standards and new regulations are taken into account.
Below is a list of precautions that the software user should implement in order to be able to adapt to the legislation:
1. Contact a legal advisor or a privacy expert for an analysis of the data that is managed within their company and the access granted to each operator to ensure security and control.
2. Entrust the analysis of the IT infrastructure (servers, computers, operating systems, antivirus, firewall, Cloud) to a hardware technician or IT consultant that guarantees the security of the company’s computer system. For example, an operating system has to be constantly updated in order to be in line with GDPR regulations, otherwise the company may be subject to sanctions because it does not own a computer system compliant with legal standards.
3. Define together with the legal adviser the retention period of guests’ data to be configured in the PMS.
4. Prepare clear information sheets and consent requests in line with GDPR in order to prove that an explicit consent from the data holder has been given.
5. Provide adequate training to staff on GDPR to ensure that management instructions are acknowledged and adopted by staff in all daily operations.
Below are listed the parameters that allow software to be compatible with GDPR. For simplicity, the term “company” will be used to indicate the hotel or restaurant using the software. Some examples are related specifically to hotel guest data treatment while others, more in general, refer to data storage and email marketing activities.
1. Acquisition of customer data
1.1. Data required to make a reservation
Each guest staying in a property (hotel, B&B, apartment, etc.) must be able to provide consent for sensitive data treatment according to GDPR legislation (regardless of the method used to make the reservation). The acquisition of customer data by a restaurant, instead, takes place when the guest requests an invoice. In this case, in order to obtain the fiscal document, the customer has to receive a copy of the privacy treatment terms according to GDPR legislation. In both cases the guest can’t, by law, refuse to accept data processing.
1.2. Consent to send marketing communications
(if the company uses the CRM module)
While requesting consent for data treatment (necessary for the reservation or to issue an invoice) the company may also ask for guests’ consent to receive promotional emails. In the PMS, according to the customer’s wishes, the “authorizes marketing communications” flag can be enabled and the system will automatically record the date/time the consent was given.
• Positive consent: the customer will receive promotional emails from the hotel or restaurant;
• Negative consent: in addition to not being able to send marketing communications to the customer, the software will maintain only the data necessary to fulfil legal obligations. In the case of a hotel reservation, all sensitive data will be cancelled at the guest’s check-out, if the property has pre-configured this automatic operation in the PMS.
1.3. Withdrawal of consent to marketing communications
(if the company uses the CRM module)
End of consent may take place if:
• The guest, during his next stay in the property, decides not to renew the consent previously expressed (in case of a
• The guest sends a communication to the company with which he exercises his right to no longer receive promotional
In both cases listed above, in addition to not being able to send marketing communications to the customer, all sensitive data will be cancelled from existing reservations. Sensitive data means racial or ethnic origin, political views, religious or philosophical beliefs, trade union membership, biometric data which identify a person in a unique way, health information (allergies), sexual life or sexual orientation of the individual, information added in the profile notes (video notes, print notes, service notes), notes present in the reservation card and possible pictures.
2. Data Retention for tax records
Personal data retention for tax records, according to the Italian law, may be up to 10 years (please verify the retention period required by your country). After this period the company no longer has a reason to store such data and data must be automatically anonymized from the PMS: all information that can identify a person in a unique way will be replaced by asterisks (in this way, information can be maintained for statistical purposes, for example in the sales report).
3. Data Retention for email marketing activities
(if the company uses the CRM module)
As already indicated, the hotel or restaurant manager, together with his privacy advisor, will have to set in the PMS a maximum limit (for example 2/3 years) for which he may store customers’ information in his database for promotional emails. After such period, the PMS will automatically remove the consent for email marketing.
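The automatic operations described in sections 1.2 to 3 can be sketched as a retention pass over guest profiles. This is an added example, not Ericsoft's code: the field names, the 3-year marketing limit and the sample record are assumptions.

```python
from datetime import date

TAX_RETENTION_YEARS = 10       # Italian tax-record figure quoted on the page
MARKETING_RETENTION_YEARS = 3  # assumption: limit the manager configured

# Hypothetical field names; a real PMS schema will differ.
IDENTIFYING = ("name", "email", "document_no")
SENSITIVE = ("allergies", "profile_notes")

def years_since(then, today):
    """Whole years elapsed between two dates."""
    return today.year - then.year - ((today.month, today.day) < (then.month, then.day))

def apply_retention(profile, today):
    """Return (updated copy, actions taken) for one guest profile."""
    p, actions = dict(profile), []
    # Marketing consent lapses once the configured period has passed.
    if p["marketing_consent"] and \
            years_since(p["consent_date"], today) >= MARKETING_RETENTION_YEARS:
        p["marketing_consent"] = False
        actions.append("consent_expired")
    # Without consent, sensitive data goes after check-out.
    if not p["marketing_consent"] and p["checked_out"] \
            and any(p[f] for f in SENSITIVE):
        for f in SENSITIVE:
            p[f] = None
        actions.append("sensitive_erased")
    # Past tax retention: mask identifiers, keep statistical fields.
    if years_since(p["last_invoice"], today) >= TAX_RETENTION_YEARS:
        for f in IDENTIFYING:
            p[f] = "*****"   # fixed width so the mask does not leak length
        actions.append("anonymized")
    return p, actions

def run_demo():
    today = date(2029, 6, 1)
    guest = {  # constructed sample record
        "name": "Anna Rossi", "email": "anna@example.com",
        "document_no": "X0000000", "allergies": "gluten",
        "profile_notes": "late arrival", "marketing_consent": True,
        "consent_date": date(2018, 5, 25), "checked_out": True,
        "last_invoice": date(2018, 5, 27), "nights": 3, "revenue": 420.0,
    }
    return apply_retention(guest, today)
```

The statistical fields (`nights`, `revenue`) survive anonymization, which is what keeps reports such as the sales report usable.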
4. Access to data visualization
4.1. Credit card visualization
Credit card data will be made visible within the software only if access passwords respect PCI Level 1° regulations (listed below). If the password does not comply with these requirements, card data will still be stored inside the database, but will not be visible to operators.
Below are the minimum password requirements for PCI compliance:
• Length of at least 7 characters
• With uppercase and lowercase letters
• Must be changed at least every 90 days
• Cannot be equal to the previous 4 passwords used
• Can be entered incorrectly a maximum of 6 times before incurring a 30-minute suspension
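The gate described in 4.1 can be modelled as follows: the password is accepted either way, but card data is displayed only while the password meets the listed requirements. This is an added example, not Ericsoft's code; the `Operator` class, the PBKDF2 storage and the reading that the sixth mistake triggers the suspension are assumptions.

```python
import hashlib, hmac, os
from datetime import datetime, timedelta

# Thresholds taken from the page's list of minimum password requirements.
MIN_LEN, MAX_AGE, HISTORY = 7, timedelta(days=90), 4
MAX_FAILS, LOCKOUT = 6, timedelta(minutes=30)

def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Operator:  # hypothetical model of a PMS operator account
    def __init__(self):
        self.history = []          # (salt, digest) pairs, newest first
        self.changed_at = None
        self.compliant = False
        self.fails = 0
        self.locked_until = None

    def set_password(self, password, now):
        strong = (len(password) >= MIN_LEN
                  and any(c.isupper() for c in password)
                  and any(c.islower() for c in password))
        # Compare against the 4 most recent passwords, never in plaintext.
        reused = any(hmac.compare_digest(_digest(password, s), d)
                     for s, d in self.history[:HISTORY])
        salt = os.urandom(16)
        self.history.insert(0, (salt, _digest(password, salt)))
        del self.history[HISTORY:]
        self.changed_at, self.compliant = now, strong and not reused
        return self.compliant

    def login(self, password, now):
        if self.locked_until and now < self.locked_until:
            return False           # suspended: even the right password fails
        salt, digest = self.history[0]
        if hmac.compare_digest(_digest(password, salt), digest):
            self.fails = 0
            return True
        self.fails += 1
        if self.fails >= MAX_FAILS:   # assumption: 6th mistake triggers it
            self.fails, self.locked_until = 0, now + LOCKOUT
        return False

    def can_view_cards(self, now):
        # Card data stays stored either way; only its display is gated.
        return self.compliant and now - self.changed_at <= MAX_AGE
```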
4.2. Visualization and access to data
For greater protection, a “log” section may be activated in the PMS. Once the section is configured, all movements carried out by different operators in the PMS will be registered.
From this section you will be able to view the following operations:
• PMS Log-in or log-out
• Data insertion, modification and cancellation
• Prints and data export
• Search filters applied
• Search of a specific guest profile and visualization of information
In addition, it will be possible to configure different levels of access for operators to the PMS. Each member of the staff will have access only to guests’ data related to their duties. At the hotel, for example, housekeeping staff will be able to view notes on guests’ allergies but will not have access to other information such as name, nationality, etc…
The software must be adapted to the legislation “by design” and “by default”, meaning that it must put in practice the new privacy rules by introducing automatic operations in the system that facilitate proper data management. Please note that without a proper configuration of such automatic processes by the software user, the system will not be compliant with the new regulation.
The hotel or restaurant manager must ensure that GDPR principles are applied within his company; we therefore recommend that he contacts a legal adviser or a privacy expert.
• Anonymization of profiles after 10 years (tax records)
• Elimination of all sensitive data if the guest did not provide consent to receive promotional emails
• Elimination of all sensitive data after the period configured (expressed in years)
• Elimination of all sensitive data from customer profiles if the customer withdrew his consent to data processing for marketing purposes
• Registration of staff operations in the PMS (data access, visualization and printing)
• Display of credit card data subject to a control of the password parameters in accordance to PCI Rules
We have been creating complete and highly specialized technological solutions for the hospitality industry since 1995.
Having an exclusive focus on a single industry, our investments have always been entirely dedicated to the development of our software and innovative applications for hotel and restaurant management.
The experience gained over the years, together with what we acquire on a daily basis by being in contact with hospitality professionals, allows us to understand the real needs of the sector and to develop, based on new market trends and regulations, flexible and scalable solutions that can be customized according to the needs of each property, from independent ones to chains.
Ericsoft collects personal data for operational efficiency purposes and to offer customers and end users the best experience possible with its services and software. Data collected includes the following and refers not only to customers’ data, but also to end users’ data:
Name and contact data: Ericsoft collects your first and last name, email address, postal address, phone number and other similar contact information.
Credentials: Ericsoft collects passwords, password hints and similar security data used for authentication and account access.
Payment data: Ericsoft collects data necessary to process your payment, such as credit card number and the security code associated with the payment method.
Customers and end users have choices about the data collected and can therefore decline to provide such personal data; however, if data necessary for service provision is not provided, some features or services may not be used.
Ericsoft uses the data collected for two reasons: (1) to provide the services offered, (2) to send communications, including informational and promotional ones.
Services offered: include service functioning, service performance maintenance and improvement, as well as the development of new functionalities, research and customer support. Some examples include:
Customer support: Ericsoft uses data to diagnose service problems and provide support services.
Service Improvement: Ericsoft uses data to continually improve the services offered, including the provision of new features or capabilities.
Security, Safety and Dispute Resolution: Ericsoft uses data to protect the security and safety of its services and customers, to detect and prevent fraud, to confirm the validity of software licenses, to resolve disputes, and to enforce its contracts.
Communications: Ericsoft uses data collected to deliver and personalize its communications with customers. For example, Ericsoft may contact customers by email or other means to: inform them when a subscription is about to end, communicate that updates are available, request information relating to a service or repair request, invite a customer to take part in a survey or remind them to keep their account active.
Ericsoft shares customers’ and end users’ personal data with customers’ consent or based on the necessity to complete a transaction or provide a service requested or authorized by the customer or the end user. For example, when a customer or end user provides payment information to complete a purchase transaction, Ericsoft shares payment data with banks and other entities that process payment transactions or provide other financial services, for fraud prevention and credit risk reduction.
Ericsoft shares personal data with its affiliates and subsidiary companies, vendors and agents that work on its behalf, for the purposes specified in this policy. For example, companies hired to provide customer service support or assist in protecting and securing systems and services may need access to personal data in order to provide these services. In such cases, these companies must abide by Ericsoft’s data privacy and security requirements and are not allowed to use personal data they receive from Ericsoft for any other purpose. Ericsoft may also disclose personal data as part of a corporate transaction such as a merger or asset sale.
Finally, Ericsoft will access, disclose and preserve personal data, including customers’ and end users’ content, when it believes in good faith that doing so is necessary to:
comply with applicable law or respond to a valid legal process, including from law enforcement or other government agencies;
protect Ericsoft customers, for example to prevent spam or attempts to defraud users of the services, or to help prevent the loss of life or serious injury of anyone;
operate and maintain the security of the Ericsoft services, including actions to prevent or stop an attack on Ericsoft’s computer systems or networks;
protect the rights and property of Ericsoft, such as enforcing the application of the terms that govern the use of the services.
Offices: from Monday to Friday
from 09:00am to 01:00pm and from 02:30pm to 06:30pm
Address: S.S. Adriatica 62, Misano Adriatico (RN)