We covered the basics of GDPR (General Data Protection Regulation) in the last post. This week we will be covering which types of data are protected and some of the basic requirements of the GDPR. This is important for hotels even outside the EU, because the regulation includes every organization that collects personal information on EU residents.
Types of data protected are any that can identify an individual. That can include a vast number of items and context can change everything. For instance, a first and last name may not identify a specific individual, but it can if it’s accompanied by additional information. This can include digital information such as cookies, email addresses, mobile location data, and IP addresses. It also includes hard data like names and identification numbers as well as biometric data.
The regulation outlines important rights for consumers including the right to be forgotten and right of access to and portability of their data. These consumer rights create more transparency and accountability for organizations that collect any of the protected data. Companies will also be required to report data breaches, and those that engage in large scale systematic monitoring or processing must appoint a Data Protection Officer.
If you’d like to read further, you can visit the GDPR website at this link.