The General Data Protection Regulation (the “GDPR”) goes into effect on May 25, 2018. The regulation harmonizes the patchwork of privacy regulations currently in effect around Europe. The regulations help people stay in control of their information, and YouHotel agrees with this principle. YouHotel does not sell customer data or use it for anything other than helping hotels delight their guests. GDPR requires that companies take security and privacy seriously. It also requires transparency about how data is stored, moved, and processed. Companies must allow data subjects to control their data, and EU residents can ask for their data to be corrected, deleted, or exported. Companies need to document how they bulk process their customers’ information. They must enforce policies to protect that data, and for larger data processing operations, they need to have a Data Protection Officer with the power to control how data is processed and protected. Like the laws currently in effect, the GDPR defines when it is okay for companies to move data out of the EU. For the past year, YouHotel has worked with world-class legal, privacy, and cybersecurity consultants to audit its products and processes for GDPR compliance. In accordance with the regulation, we have balanced the need for security and data privacy protection with the legal, contractual, and commercial requirements of hoteliers.


The GDPR requires that data controllers define how data processors use the data they get from controllers. YouHotel has updated its Master SaaS Agreement, which provides the necessary information and includes the required components for GDPR, including standard contractual clauses for international data transfers.


YouHotel is GDPR ready. YouHotel has an updated privacy policy that was go into effect on or before May 25, 2018. YouHotel has already made required product changes to support compliance with the GDPR.


We cannot give you legal advice and ultimately you are responsible for your compliance to all laws. This FAQ represents a dedicated effort, working with world-class counsel and consultants, to understand GDPR and its impact on hospitality.