What is GDPR?

[Whitepaper] What is GDPR? Know all about the General Data Protection Regulation.

The GDPR (General Data Protection Regulation) is a regulation that aims to strengthen and unify the data protection of EU citizens.


The contacts database is one of the most important assets held by a hotel. In reality, with the large number of hotel intermediaries, contacts of your own are not that easy to make. And when you do make them, you try to look after them with great care, using different online strategies such as email marketing to boost direct bookings.

But now, the goal of getting new contacts to feed our CRM and make them loyal seems a bit threatened by the new data protection regulation that went into effect last May.

So, do you know what GDPR is all about and if it applies to your hotel?

The GDPR (General Data Protection Regulation), which entered into force last May, is a regulation that aims to strengthen and unify the data protection of EU citizens through a set of rules that are applicable as of 25 May 2018.

This regulation has brought a large number of changes with it, meaning the hotel sector, which manages a large quantity of its customers’ personal data, must be up to date on all the new developments involved.

And does it apply to your hotel? Yes, whenever you market your products to EU citizens, work with their data and/or analyse them, even if your business is not located in the European Union.

This new regulation is based on many of the principles of the Data Protection Directive (DPD) of 1995, which it replaces with new provisions to reinforce citizens’ rights and harsher penalties for those who commit violations.

The truth is, as a sector, the hotel industry is one of the most vulnerable when it comes to security. That is because a large quantity of personal data is processed in booking systems and CRMs, meaning hotels are an easy target for many cyberattacks.

Thus, the GDPR aims to improve the protection of personal data for EU citizens by increasing the obligations on companies that compile or process these data.

Now, what are the most important changes and obligations?

With regard to data collection

  • Transparency. With the GDPR, any company that is going to compile contact data through web forms must clearly communicate what these data will be used for, while users, after being informed, must grant clear consent to said use and have the option of withdrawing any such consent.
  • Data minimization. This data protection regulation only allows the compilation of information that is adequate, relevant and limited to the purpose at which the data collection is aimed. Requesting unnecessary or excessive data is a violation.

Data storage and processing

  • Purpose and limitation of use. Personal data may only be used for the purpose for which they were collected – a specific, explicit and legitimate purpose that has been consented to by the contact.
  • Technical and organizational security measures. In other words, with the GDPR, the company must ensure the data are stored securely and even encrypted to protect them from unauthorized processing, loss, dissemination or alteration. And only the authorized parties may control the data.
  • Under the GDPR, companies must consider the impact of using their contacts’ personal data, meaning they must not only comply with the obligations under the new regulation but also be able to prove they do.
  • Updates and corrections. Contacts may ask that their data be updated or corrected if the information is not accurate.
  • Data storage. Companies may only keep their contacts’ personal data for the time necessary as per the purpose for which they were collected. In other words, they may not continue to store data from users who have no further ties to the company and have not granted their consent.
  • Data deletion. Pursuant to GDPR, a company must comply with any requests from users to delete their data and confirm such deletion.

As can be seen, there is a whole series of important changes for hotels because one thing is for sure – the GDPR leaves no European Union company indifferent.

Is your hotel ready for the new Data Protection Regulation?

How do we do this at Hotelinking?

We’re prepared and guarantee compliance with GDPR.

You can download our whitepaper here explaining what we do in detail: