Databases are valuable for the operation of a hotel, as well as for ensuring its attractiveness. The customer file is one of the main assets of a hotel establishment.
Since May 2018, the collection of information is more strictly regulated by the General Data Protection Regulations, more commonly known as the GDPR. This regulation aims to homogenize the management of data collection in Europe.
While the DPMR has strengthened the protection of personal data, the transition has gone almost unnoticed in France. It is still possible to collect data, as long as they are not "sensitive".
The data collected must comply with a purpose principle. This means that the use of customer data must comply with a final purpose communicated to the data subject. To illustrate this, let us take a concrete example. During a check-in, you can ask your customers to sign a paper, authorising you to collect data for a specific purpose but also indicating what kind of data will be recorded. However, you will not be allowed to use the data in any other way than what is mentioned on the paper.
According to the DPRG, it is forbidden to collect data for no other purpose. Each collection must be assigned a purpose, i.e. you may not retrieve and use data in case it is useful at some unknown future time.
If consent was given before May 25, 2018, it is not necessary to obtain it again.
In addition, the DMPR strictly controls access to databases. Databases must be secure. Thus, access must be restricted internally to only those persons who need access to the data. Access must be equally strict with subcontractors and partners.