{"id":13830,"date":"2018-02-13T09:00:00","date_gmt":"2018-02-13T09:00:00","guid":{"rendered":"https:\/\/amaraproyectos.com\/amara\/sin-categorizar\/european-data-protection-regulation\/"},"modified":"2018-02-13T09:00:00","modified_gmt":"2018-02-13T09:00:00","slug":"european-data-protection-regulation","status":"publish","type":"post","link":"https:\/\/amara-marketing.com\/en\/travel-blog\/european-data-protection-regulation\/","title":{"rendered":"From LOPD to GDPR. The new European data protection regulation."},"content":{"rendered":"<div id=\"bsf_rt_marker\"><\/div><p><span style=\"font-weight: 400;\">To date, the hotel sector had lived with the LOPD (Organic Law on Data Protection) approved in 1995 as a result of the EU Data Protection Directive. But now a new horizon of changes and obligations is opening up for this and many other sectors that handle personal information of their customers.<\/span><\/p>\n<p><!--more--><\/p>\n<p><span style=\"font-weight: 400;\">The new General Data Protection Regulation or GDPR has direct implications for the management and use of data on individuals in the European Union. Not surprisingly, almost all hotel brands will be affected.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">{{cta(&#8216;bb2971b9-bf36-4c36-8edc-75223dba5208&#8217;)}}<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Already our <\/span><a href=\"\/blog-turismo\/gdpr-para-hoteles\" target=\"_blank\" rel=\"noopener\"><br \/>\n  <span style=\"font-weight: 400;\">previous publication<\/span><br \/>\n<\/a><span style=\"font-weight: 400;\">In this article, we discuss what this new European Union regulation consists of, what its objective is and how it affects the hotel sector, one of the most susceptible to this change, due to the considerable amount of personal data it handles. On this occasion we would like to talk more specifically about its principles and obligations.<\/span><\/p>\n<p><\/p>\n<h2><strong>So what are the principles of GDPR?<\/strong><\/h2>\n<p><span style=\"font-weight: 400;\">According to the  <\/span><a href=\"https:\/\/gdpr-info.eu\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Article 5. of the GDPR<\/span><\/a><span style=\"font-weight: 400;\">where the most important principles of this regulation are summarized, <\/span><strong>personal data shall be<\/strong><span style=\"font-weight: 400;\">:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><strong>Processed in a legal, fair and transparent manner in relation to the<\/strong><span style=\"font-weight: 400;\"> in relation to the person concerned.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Collected for a limited purpose; that is, <\/span><strong>these data must be collected for specified, explicit and legitimate purposes, and must not be<\/strong><span style=\"font-weight: 400;\">and must not be processed in a way that is incompatible with this purpose.<\/span><\/li>\n<li style=\"font-weight: 400;\"><strong>Adequate, relevant and limited<\/strong><span style=\"font-weight: 400;\">  to those that are necessary in relation to the purposes for which they are collected. This means that data minimization is applied, so that organizations only have data that is essential for this purpose.<\/span><\/li>\n<li style=\"font-weight: 400;\"><strong>Accurately stored and managed <\/strong><span style=\"font-weight: 400;\">and, where necessary, reasonable steps shall be taken to keep them updated. <\/span><strong>updated<\/strong><span style=\"font-weight: 400;\"> or deleted if necessary.<\/span><\/li>\n<li style=\"font-weight: 400;\"><strong>Stored on a limited basis.<\/strong><span style=\"font-weight: 400;\">  In other words, personal data will be stored for no longer than is necessary for the purposes for which they were processed in the first place.<\/span><\/li>\n<li style=\"font-weight: 400;\"><strong>Processed with complete confidentiality and integrity<\/strong><span style=\"font-weight: 400;\">. Personal data must be processed in a manner that ensures adequate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Based on these principles, hotel companies should take <strong>into account a series of actions in terms of processing<\/strong>. Although these are practices that have been done with the LOPD, now it will be necessary more than ever:<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\"><strong>Document and identify the legal basis<\/strong><span style=\"font-weight: 400;\"> on the processing of this data to demonstrate compliance with GDPR.<\/span><\/li>\n<li style=\"font-weight: 400;\"><strong>Provide complete information  <\/strong><span style=\"font-weight: 400;\">on the legal basis in reference to the data processing that your hotel will do, from the time of collection. This information, easily accessible, should be concise, transparent and in clear and simple language for full understanding.<\/span><\/li>\n<li style=\"font-weight: 400;\"><strong>Specify and document the basis for the legitimate collection of this data.<\/strong><span style=\"font-weight: 400;\">.<\/span><\/li>\n<li style=\"font-weight: 400;\"><strong>No longer obtain consent by omission<\/strong><span style=\"font-weight: 400;\">The consent of the person must be explicit, unequivocal and free.<\/span><\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<p><img fetchpriority=\"high\" decoding=\"async\" src=\"https:http:\/\/amara-marketing.com\/wp-content\/uploads\/GDPR%20regulacio%CC%81n%20de%20datos.jpg\" alt=\"GDPR data regulation\" width=\"1920\" height=\"677\" style=\"width: 1920px;\"><\/p>\n<p>&nbsp;<\/p>\n<h2><strong>And what are the main obligations?<\/strong><\/h2>\n<p><span style=\"font-weight: 400;\">The GDPR takes into account a series of rights of those EU individuals (called &#8220;data subjects&#8221;) that go beyond the traditional ARCO rights (access, rectification, cancellation and opposition) with which the LOPD intended to guarantee individuals control over their personal data. This change means that companies have a series of  <\/span><strong>obligations regarding the responsibility for the management of the personal information of their contacts<\/strong><span style=\"font-weight: 400;\">data subjects.<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">EU individuals shall have <\/span><strong>right of access to their personal information<\/strong><span style=\"font-weight: 400;\">This means, among other things, that they will have the right to obtain a copy of the personal data that the hotel has collected about them. This right may also be met by providing secure remote access to a system containing the personal data. According to the GDPR in most cases,  <\/span><strong>no charge may be made for processing a request for access unless it can be demonstrated that the cost would be excessive.<\/strong><span style=\"font-weight: 400;\">unless it can be demonstrated that the cost would be excessive.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">The <\/span><strong>limitation<\/strong><span style=\"font-weight: 400;\"> of use of personal information, which means that, at the subject&#8217;s request, his or her personal data will not be used for the processing operations that would be appropriate.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">In addition, data subjects may request their right to have their data erased (<\/span><strong>right to be forgotten<\/strong><span style=\"font-weight: 400;\">), which companies must respect, and in the event that any of this personal data has been made public, appropriate measures must be taken to erase it as well.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">The GDPR details a number of  <\/span><strong>organizational measures<\/strong><span style=\"font-weight: 400;\">  necessary to be complied with, such as, for example, the appointment of an  <\/span><strong>Data Protection Officer<\/strong><span style=\"font-weight: 400;\">The company will have to adopt measures such as the choice of agents to demonstrate compliance and compliance with the GDPR, the  <\/span><strong>risk assessment<\/strong><span style=\"font-weight: 400;\">  data processing and the data processing and  <\/span><strong>establishment of data protection policies<\/strong><span style=\"font-weight: 400;\">among others.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">It will also be necessary to <\/span><strong>technological security measures must also be taken to protect personal data.<\/strong><span style=\"font-weight: 400;\">. In the case of hotels, both hardware and software applications as well as hard copy files should be reviewed. And if not already done, it would be necessary to implement a series of encryption codes, passwords or access limitations to protect access and data integrity.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">This new regulation also describes how companies should act in the event of data exposure and breach. <\/span><strong>in case of exposure and data breaches<\/strong><span style=\"font-weight: 400;\">allowing data protection authorities to impose severe fines on companies in the event of data <\/span><strong>severe fines in such a case. <\/strong><span style=\"font-weight: 400;\">in such a case.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">A whole series of tasks that must be taken into account with this new scenario, both at a legal level and at a strategic level for the marketing of the hotel. Our recommendation is to go step by step, for which we recommend that you complete  <\/span><a href=\"https:\/\/www.hubspot.com\/data-privacy\/gdpr-checklist\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">this series of questions<\/span><\/a><span style=\"font-weight: 400;\">. And of course, don&#8217;t forget the implication that GDPR will have on your hotel brand marketing.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new horizon of changes and obligations opens up with the new European data protection regulation or GDPR that you should be aware of for the management of your hotel.<\/p>\n","protected":false},"author":1,"featured_media":8610,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[299],"tags":[],"class_list":["post-13830","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-travel-blog"],"_links":{"self":[{"href":"https:\/\/amara-marketing.com\/en\/wp-json\/wp\/v2\/posts\/13830"}],"collection":[{"href":"https:\/\/amara-marketing.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/amara-marketing.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/amara-marketing.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/amara-marketing.com\/en\/wp-json\/wp\/v2\/comments?post=13830"}],"version-history":[{"count":0,"href":"https:\/\/amara-marketing.com\/en\/wp-json\/wp\/v2\/posts\/13830\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/amara-marketing.com\/en\/wp-json\/wp\/v2\/media\/8610"}],"wp:attachment":[{"href":"https:\/\/amara-marketing.com\/en\/wp-json\/wp\/v2\/media?parent=13830"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/amara-marketing.com\/en\/wp-json\/wp\/v2\/categories?post=13830"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/amara-marketing.com\/en\/wp-json\/wp\/v2\/tags?post=13830"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}