GDPR

The European Union's data protection law, which governs how hotels and their software vendors process guest personal data.

GDPR is the legal framework every European hotelier has to think about when choosing software. It sets rules for lawful basis of processing, data subject rights, retention, breach notification, and cross-border data transfers. For hotel software specifically, the questions that matter are: who is the data controller, who is the processor, what does the DPA say, where are the servers, and which sub-processors are involved.

DPA
Sub-processor
Data residency