Privacy in The Hotels Operation

Data privacy has always been a relevant and widely discussed matter; however, it was the European General Data Protection Regulation (GDPR) that gave real strength to the discussion. The regulation compelled companies to adapt and implement policies that actually safeguard consumers' data.

 

The GDPR was so important that it even affected companies outside the European Union, as the international transfer of data of people in Europe is also subject to the regulation. Consequently, even companies headquartered in other countries had to adapt to it if they had business relationships in Europe.

 

From this point on, there was a worldwide effort by governments of other countries to create their own data privacy standards. In the United States, despite the absence of a unified general law such as the European GDPR or the Brazilian LGPD, there are several regulations that protect the rights of consumers regarding their data. Some of them are the Driver's Privacy Protection Act, the Children's Online Privacy Protection Act, the Fair Credit Reporting Act, the Telemarketing Sales Rules, and the Health Insurance Portability and Accountability Act. In addition to these, there are state-level data privacy laws such as the "California Consumer Privacy Act", the "Virginia Consumer Data Protection Act", and the "Colorado Privacy Act", and six other states already have their own.

 

Given this context, how is the hotel industry affected, and what steps should be taken to comply and protect consumers' privacy?

 

Before delving into the posed questions, it is worth noting that the former EU-US Privacy Shield, a legal framework used to transfer information between the two economies, is no longer legally valid. Currently, in order to avoid economic issues for companies that need to transfer data in their activities, a new framework has been adopted, called the EU–US Data Privacy Framework. With this, the European Commission adopted its adequacy decision, on the understanding that the new methodology meets adequate levels of protection. One of the main goals of the new Framework is to limit US intelligence agencies' access to the personal information of data subjects based in Europe. In addition to the commitments assumed by the US government, companies must follow a detailed list of obligations to comply with the framework and ensure data protection.

 

All these new regulations have a big impact on hotel regulations. Currently, the most used type of software in the hotel industry is the Property Management System (PMS); with it, hotels can manage check-ins and check-outs, room service, sales, and several other services and operations of the hotel.

 

That said, we must pay attention to certain factors related to data privacy in such software:

 

  1. Data storage location: PMS software needs to be adequate and meet all the criteria established by the data protection regulations of different countries. For example, if a European hotel stores data in the United States, it constitutes an international data transfer, and the GDPR presents specific rules for this scenario. In addition, as mentioned above, companies need to meet the requirements of the EU–US Data Privacy Framework.
  2. Database access: it is important that the software used by the hotel differentiates the access level of each employee. For example, room cleaning staff need to know which rooms need cleaning, but they don't need to have access to data such as address, nationality, among others.
  3. Employee training: it is important to train and educate employees on how the software should be used, to avoid any security breach. It's not just up to the software to provide security; users must also use it responsibly. In addition, training contributes to the creation of a culture of privacy protection among employees.

 

These are just a few highlighted measures. It is worth emphasizing that good privacy measures increase consumer confidence. When consumers feel protected and respected, they're more likely to recommend or hire the service again.

Written by:

Marcio Cots – Chief Operating Officer

GetGlobal International*

*GetGlobal International is an international consultancy that assists companies aiming to comply with personal data privacy regulations based on constant legislative and market updates. We selected the best and most respected experts in Data Privacy in different regions who are worldly specialists in data privacy, offering the necessary support for your company to fit regulations quietly and safely. GetGlobal’s team has helped hundreds of companies from all sectors. They’ve become a reference in data privacy compliance as a complete and multidisciplinary solution 

Henrique Carvalho – Attorney at GetGlobal International
