Four Tips for Becoming GDPR Compliant

GDPR Compliance Deadline

Ciske van Oosten, senior manager of the global intelligence division at Verizon’s security assurance consulting practice, and John Barchie, senior fellow at Arrakis Consulting, offer the following tips for hoteliers looking to ensure their properties are GDPR-compliant.

Create a program.

“This applies to any program—hotels need to simplify the compliance workload by standardizing their processes, technology, policies, procedures, and communication,” van Oosten explains. “We’ve worked with hundreds of hotels on compliance programs, and the ones that are most successful are the ones that have a plan and create a concrete program with standardized processes and procedures.”

Consult with experts.


“Finding legal counsel is probably the best place to start,” Barchie says. “That person will hire consultants to help understand what actually needs to happen from an operational standpoint. And there are legal specialists in the United States who specialize in GDPR. These people can also help you rewrite any consent forms with the appropriate

Reach out to stakeholders.

“Set up an internal contract with stakeholders that specifies the purpose of the GDPR program. This gives hoteliers a formal and enforceable commitment of active participation in, and adherence to, the compliance program,” van Oosten says.

Don’t wait!

“Regardless of where they are, hoteliers must be compliant by May 25,” van Oosten stresses. “They need to understand the impact it’s going to have on their business and be prepared to make the necessary adjustments. There is no ‘do nothing’ option here.”


Read about how the European Union’s GDPR privacy rules will impact U.S. hoteliers here.

Previous articleCvent Names 2018’s Top 10 Meeting Hotels in the United States
Next articleChecking In with Mark Ricketts, President and COO of McNeill Hotel Company
Kate Hughes, Editor, LODGING Magazine


  1. I just came across your article and I work for an owner of a bed and breakfast and she is very confused about all this to say the least she is currently thinking about going on Airbnb and eliminating her website as to not have to deal with this Euopean privacy situation. She has somebody working on it pro bono but can’t afford the big bucks for an attorney. Any advice or suggestion is appreciated.

Comments are closed.