The General Data Protection Regulation (GDPR) is a data protection law that came into effect in the European Union (EU) on May 25, 2018. It is designed to harmonize data privacy laws across Europe, strengthen data protection for individuals within the EU, and regulate the way organizations handle, process, and store personal data.

The GDPR applies to all organizations processing personal data of individuals residing in the EU, regardless of where the organization is located. Non-compliance with the GDPR can result in fines of up to 4% of the violating organization’s annual global turnover or €20 million, whichever is greater, depending on the violation.

GuestLabs processes accommodation providers’ guest (consumer) data and adheres strictly to GDPR regulations. Our designated representative ensures compliance across all our products and marketing efforts.

Short-term rental providers, classified as 'data controllers' under the General Data Protection Regulation (GDPR), are required to adhere to strict guidelines when managing guests' personal data. Here are essential steps they should follow:

• Ensure transparent privacy notices are provided, detailing the collection, usage, and processing of personal data, including who else may access it.
• Sign updated Data Processing Agreements (DPAs) with GuestLabs and any other third-party service providers (e.g., property management systems, booking platforms).
• Support guests in exercising their GDPR rights, such as accessing their personal data, correcting inaccuracies, deleting data (where applicable), and restricting processing.
• Update marketing practices to ensure emails and mass communications are only sent to customers who have explicitly opted in to receive them.

For further inquiries regarding GuestLab’s GDPR compliance, please contact our data privacy officer at gdpr@guestlabs.com.