On 25 May 2018, the General Data Protection Regulation (AVG) will come into force. Hotels also need to set up their organisation to comply with the AVG to avoid facing fines or other sanctions from the Personal Data Authority (AP).
Hotels process a great deal of personal data of hotel and restaurant guests. Within the context of the AVG, what data of hotel guests is collected is important, among other things. Under the Act, a hotel is obliged to maintain a nightly guest register that includes the following data: the type of valid identity document, first and last name, place of residence, day of arrival and day of departure. However, hotels are not authorised to make a copy or scan of the identity document or to take over other data (such as the BSN number).
However, hotels are subject to further concerns under the AVG, including:
- The retention periods of guest and staff records;
- The drawing up and maintaining of a processing register;
- The use of camera surveillance in and around the hotel;
- The set-up of the guest administration programme;
- The use of (external) night porters;
- Concluding processing agreements with other parties;
- The use of (breakfast) lists;
- Contacting (former) guests for marketing purposes; The use of social media
- The use of social media;
- The use of a black list, which is only permitted to a limited extent;
- Providing camera images and/or the night lodging register to the police.
Our Privacy Team will be happy to advise your hotel on the AVG and its consequences for your hotel. Based on a privacy scan, in which we go through the processes within your hotel, we can also advise you on the concrete measures to be taken to make your hotel AVG-proof. For more information about the possibilities, please contact Monica Leenders and Janne Verheijden, without obligation.