Booking – GDPR For Hotels


Administering Bookings

Booking administration for a short let business should be a very simple thing to do.  If you have one unit to sell – “an apartment” or “a cottage” – then all you need is a diary or a calendar.

You might use a paper diary or a wall chart yearly planner.  The reservation is a simple “on” or “off” for each date of the year or season.  But a paper based calendar doesn’t lend itself to making online bookings, so many owners are now using Google Calendar or Outlook Calendar for this purpose.

Regardless of which method you use, you will be processing personal data from the customer when you take the booking.

The very least I would suggest you will collect will be a name and contact telephone number or email address.  You will probably also collect a full postal address and probably some method of payment.

When you carry out your data process mapping (using the “5W + B” document), it will become clear exactly what you collect.  If the booking data comes from a 3rd party such as AirBnB there may be other types of data involved, which could be used to identify an individual and thus fall under the scope of GDPR.

Processing Payments will be considered on the “Payment” page.

If you are using a 3rd party such as AirBnB or an online travel agent (OTA) such as or Expedia, they will send you the reservation data by email, perhaps by fax as a backup for email.  You can sometimes also access the reservation details on the 3rd party website extranet.

When you collect this data, how do you process it?

Do you write it down in your booking diary?  Or is a copy printed out and stored in a file somewhere?

When you carry out your process mapping, it pays to be quite specific about the data you collect and where it is stored.