With the new General Data Protection Regulation (GDPR) bringing in a stricter regime from May 2018, it makes sense for hotels to make sure they are operating within data protection law, registering where necessary as a data controller with the Information Commissioner’s Office. Failure to do so is a criminal offence.

Whether you need to register depends on numerous factors, and the most relevant exemption for hotels is that they may only use personal data for so-called ‘core business purposes’, ie staff administration, advertising and marketing, or accounts and record keeping such as processing a customer’s billing information.

However, if a hotel uses CCTV anywhere on site for crime prevention purposes then registration is mandatory.

Read more:


Tagged with →