What is Mews doing to comply with the GDPR law?
We are reviewing our internal processes to see how we can further protect client data. We are also improving user rights and limiting access to each part of the system to those who need it.
Similarly, we are extending our Navigator platform so that we can give guests full control of their data. They will be able to log in to the Navigator and see all the personal information we have stored about them, and which integration partners it was distributed to. We will include an option to delete their data from Mews (and the ability to send the request to integration partners), but only after they have physically stayed in the hotel, as you still need their data in order to process the reservation.
When will Mews notify us of what has been done?
This will be an ongoing process finishing in May 2018, with multiple features released until then. As usual, we will announce them via our MewsFlash e-mails, which you can subscribe to (e-mail firstname.lastname@example.org if you would like to be included on this mailing list).
What is the deadline for Mews to be compliant?
What is needed from a hotelier's point of view?
Hotels should assign a dedicated Data Protection Officer per hotel or per chain who is in charge of this project internally. It would also be great to bring in a trainer so that your employees are trained in how to look at data privacy.
We recommend you conduct an internal audit of all the software you use that collects and stores personal data of guests and employees, and ensure it all complies with GDPR guidelines by May 2018.
Renewal of the contract
We are working on updating the data protection specs in the contract to comply with the new framework. This will come in Q1 of 2018.
Will Mews get a GDPR-verified certificate?
We will perform a series of penetration tests, so once these are completed, there will be a GDPR assessment.
Is there anything we (the hotel) need to submit to our country officials?
No. However, you should become acquainted with the country's DPO in case you need to report a leak of your data (you will have 72 hours to respond to an identified data leak).
A great overview of what GDPR is and what it means for the industry was given by EyeforTravel recently. We think you may benefit from viewing this link https://www.youtube.com/watch?v=D2Qf-FLqjro.
As this is quite extensive, you may find a summary attached to this FAQ.