18th April 2018

GDPR is all about customers data. It’s to protect people from getting marketing they haven’t signed up to, ensuring the data held about them is secure and that they can access data held about them and request it be deleted. It’s a high-profile piece of legislation and has been reported in national press so people are aware of the changes and will expect businesses to be compliant. We do have to add a disclaimer here, Sawday’s aren’t legal professionals and if you’re in doubt about any part of GDPR, you should consult a lawyer.

What are the main aspects and their impacts for Owners?

  • Consent: you can no longer use customer data for any purpose without recorded consent. For example, if a guest makes a booking with you, they have to knowingly opt-in to a newsletter if you wish to contact them after they have stayed. If you have written in your terms and conditions that you’ll send everyone who books a newsletter, this is no longer compliant, it has to be made very obvious what they’re agreeing to. It must also be easy for customers to withdraw consent.
  • The right to be forgotten: any customer can request that you remove all the data you hold on them at any time (unless you have a legal requirement to store that data)
  • Security: any place where data is stored needs to be secure. That means any spreadsheets with contact information should be password protected and only accessible by people that need access. The legislation calls it “privacy by design” and it means that you’re expected to decide how you store data with security and privacy in mind.
  • Right to access: customers can request a free, electronic copy of any information held on them at any time. This includes any notes you’ve added to their record, i.e. “has a dog” or “never leaves a tip”.


What about the data Sawday’s sends me?

When a guest enquires through our website, we send you their contact details. In terms of answering their questions and/ or making a booking, you don’t need to do anything differently. The main change is that guest hasn’t given any permission to be contacted by you for marketing purposes, so you can’t add them to your newsletter list or send them any other form of promotion without their expressed consent.


Where can I find out about all the changes?

Visit Britain has created a comprehensive overview of GDPR specifically for accommodation providers: https://www.visitbritain.org/pink-book/registration-and-data-protection. We highly recommend you read it.