Commissioned data processor

The new term “data processor” plays an important role in the implementation of the GDPR (General Data Protection Regulation). If a hotel collects, processes, stores and uses personal data, it usually needs the support of a commissioned data processor to do so. These are the service providers or software companies that are either used to securely store and use the data or those who have access through their activities.

Typical commissioned data processors in hotels are:

• Hotel Software, Property Management Systems
• Channel Manager, Web Booking Engine, Central Reservation System
• Revenue management software or service providers
• Accounting software or service providers, such as RHC Real Hotel Controlling.
• The web agency that has insight into the accesses on the web site. As well as the e-mail hoster or website hoster.
• Software for newsletter creation and dispatch
• If applicable, the manufacturer or maintenance service of the door locking system.
• CRM – Software provider
  And others….

Hotels as “responsible parties” for the personal data of their guests and employees must contractually ensure with their order processors that the latter only follow the instructions in handling the data and do everything to protect the data from unauthorised access, destruction, unauthorised disclosure, etc. This is done with each of these order processors. For this purpose, a commissioned data processing declaration must be concluded with each of these commissioned processors and properly documented.

By the way: RHC Real Hotel Controlling is not only a service provider for controlling or a professional accounting service, but also a consultant for data protection in hotels.