GDPR compliance for property managers
What you need to know about data protection
As a property manager, you will receive a lot of data about your guests. This data can be classified as the following:
Personal data, which can be used to identify your guest. This includes name, age, address, social security number, and so on.
Sensitive data, which tells you more about your guest. Examples of this are race, religion, bank account number and so on.
Irrespective of the data you collect, starting 25th of May, 2018, it must be used solely for the purpose it was provided.
An example of this is: You collect the name, address, phone number of the guest who wants to book your property. This information should be used only for activities such as communicating with the guest during their stay, maintaining their records for bookkeeping purposes, and so on. This data cannot be used for any other activity unrelated to the booking, such as posting this data on social media and similar forums.
All personal data provided to you as a property manager must be protected by implementing the right processes and safety measures.
Upgrade your data protection
To ensure that you are compliant with the GDPR policy come 25th May, go through the following clauses; they might have a direct/indirect impact on how you deal with guest data:
However, such a request should not be accepted in cases where you are obligated by law to hold on to certain guest information. For instance, you are required to keep financial data of guests for up to 7 years (in EU) and 5 years (in the US), even if the guest requests you to remove it from your systems.
For example, if you plan to use their contact information for sending promotional offers and sharing it with your third-party vendors, you must express it clearly before obtaining the data.
Similarly, guests should be able to easily withdraw their consent at any point in time.
Such a request can be two-fold:
If requested, you are obliged to share the purpose of the data that is being used; the how, when, and why.
You must also divulge the customer’s personal data along with any additional notes that you may have jotted down about them, such as their preferences in tea or newspaper.
The 5 commandments of data protection
In summary, we feel confident that you will be GDPR-compliant if you keep these tips in mind:
- Protect all personal data like it were your own.
- Use personal data only for the purpose it has been prescribed.
- If you are collecting and using sensitive data, ensure that it is being done so for lawful purposes.
- Do not hold on to personal data for longer than it is necessary.
- Do not transfer personal data to any other country unless you are sure that the country enforces adequate data protection measures.