The General Data Protection Regulation (the “GDPR”) goes into effect on May 25, 2018. The regulation harmonizes the patchwork of privacy regulations currently in effect around Europe. The regulations help people stay in control of their information, and YouHotel agrees with this principle. YouHotel does not sell customer data or use it for anything other than helping hotels delight their guests. GDPR requires that companies take security and privacy seriously. It also requires transparency about how data is stored, moved, and processed. Companies must allow data subjects to control their data, and EU residents can ask for their data to be corrected, deleted, or exported. Companies need to document how they bulk process their customers’ information. They must enforce policies to protect that data, and for larger data processing operations, they need to have a Data Protection Officer with the power to control how data is processed and protected. Like the laws currently in effect, the GDPR defines when it is okay for companies to move data out of the EU. For the past year, YouHotel has worked with world-class legal, privacy, and cybersecurity consultants to audit its products and processes for GDPR compliance. In accordance with the regulation, we have balanced the need for security and data privacy protection with the legal, contractual, and commercial requirements of hoteliers.
The GDPR requires that data controllers define how data processors use the data they get from controllers. YouHotel has updated its Master SaaS Agreement, which provides the necessary information and includes the required components for GDPR, including standard contractual clauses for international data transfers.
WHAT IS THE GDPR STATUS OF OUR PRODUCTS?
We cannot give you legal advice and ultimately you are responsible for your compliance to all laws. This FAQ represents a dedicated effort, working with world-class counsel and consultants, to understand GDPR and its impact on hospitality.