Stayntouch and GDPR Compliance
Do you know what it means to be GDPR compliant? Here are three action items you and your staff need to complete to become GDPR compliant, according to Hospitality Tech.
1. Internal processing: A hotel must provide very detailed information on why it needs to process personal data and how long it plans to keep it. This procedure involves organized retention policies, so that a hotel always knows the status of such information.
Stayntouch has made changes in Stayntouch PMS to make it easier for hoteliers to add this in the terms and conditions during check-in and also when creating reservations.
2. Protecting data: A hotel must keep technical and organizational records to prove it is protecting data. It will also need to show the supervisory authority that it has these mechanisms in place.
Stayntouch has added additional monitoring and other security measures to detect any unauthorized access to its infrastructure and the data. Alerts are sent to the appropriate team to respond to any anomalies. Any severity 1 alert is also communicated to the highest level in the organization so there is full visibility in case of a data breach.
3. Opt-in process: Hotels need a section on their website that permits “opting in”, thus allowing hotels to store PII data. Furthermore, they must explain the process, enabling guests to access, modify, and delete information.
Stayntouch has made improvements in Stayntouch PMS to get the consent of the guest through terms and conditions during check-in and also when creating reservations. We have enhanced functionality around GDPR to help your efficiency and internal processes. You can search a guest's data and can delete it as well (when there is no associated reservation), or erase it with first/last names masked. Here is how to use this feature.