Table of Contents Table of Contents
Previous Page  11 / 24 Next Page
Information
Show Menu
Previous Page 11 / 24 Next Page
Page Background

2017 

|

2018 HOTREC ANNUAL REPORT

|

11

From 25 May 2018 onwards, all companies processing personal data have to apply the General Data Protection

Regulation (Regulation (EU) 2016/679). Following its strong lobbying campaign between 2013 and 2015, HOTREC

released during 2017 specific guidelines for hotels, restaurants and HOTREC National Associations.

Helping hospitality businesses meeting their legal requirements while calling Member

States to allow flexibility to implement GDPR and not to apply fines to small and medium-

sized enterprises

Within the guidelines, the following points were highlighted, according to HOTREC’s interpretation of the

Regulation:

All companies have to comply with the basic principles of the Regulation, namely: fair, lawful and

transparent data processing; the purpose limitation principle (data can only be processed for legitimate

and specific purposes); data minimisation (data needs to be limited to what is necessary); accuracy (data

needs to be up to date); data retention period (data can be processed for no longer than necessary); data

security; accountability;

The Data Protection Officer is not compulsory in hospitality enterprises, as the hospitality sector’s core

business is not data processing but the provision of a hospitality service to a client;

Impact assessments and prior consultations are, on a general basis not needed in the hospitality sector, as

they do not constitute a high risk for the rights and freedoms of the individuals;

Hotels, restaurants and bars are not obliged to delete completely data from former clients (e.g. for direct

marketing purposes), if they are processing data on a legitimate interest.

Alongwith its support to its 1.9million small andmedium-sized enterprises, 90% of which beingmicro-enterprises,

HOTREC together with UEAPME have been calling Member States to show flexibility in enforcement and not to

apply fines during a period of one year.

Contributing to a homogeneous interpretation while minimising costs for SMEs

By delivering sectoral guidelines, HOTREC was able to support companies to comply with the legislation and

avoid unnecessary administrative burdens. HOTREC also recommended to its Members to show these guidelines

to their respective Data Protection supervisory authorities at national level, and explain the arguments behind

HOTREC’s interpretation of the Regulation. This shall help achieving a more homogeneous interpretation at

national level when implemented by the hospitality sector, while minimising compliance costs for businesses.

Support small and micro-enterprises to

implement GDPR

HOTREC activities shall help achieving

a more homogeneous interpretation

of the Regulation, which will minimise

compliance costs, while askingMember

States for flexibility in enforcement

during one year without any fine for

SMEs.