General Data Protection Regulations (GDPR) Introduction
General Data Protection Regulations (GDPR) is a set of rules designed to give European Union (EU) citizens more control over their personal data.
GDPR applies to any organization operating within the EU, as well as any organizations outside of the EU which offer goods or services to customers from the EU.
innRoad has taken steps to allow a property to comply with the below rights related to GDPR:
- Right of Access
- Right to be Forgotten
This document explains how this new feature works within innRoad.
Please contact support at 855.INN.ROAD or support@innroad.com for any assistance on this.
Right of Access
Right of Access means that the property is required to provide the guest with a copy of their personal data upon request. This would mean that all information pertaining to the individual should be available for the guest to see.
How can I provide all the information for a guest?
Step 1: Navigate to Admin> GDPR Tab and search for the guest by the First Name, Last Name, Email or Phone Number.
Step 2: Select the information for a guest that needs to be exported from the search results.
Selecting a Guest Profile will also export the information of all reservations associated to it.
The user can only select information for past reservations where the folio balance is zero.
Step 3: Click on the “Export” button to download the information in Excel.
An excel file named “Private Data-<dateOfExport> will be downloaded.
How will I know if data for a reservation was exported?
Once the data is exported from the GDPR tab then a history log appears in the reservation.
Right to be Forgotten
GDPR introduces a right for individuals to have personal data erased. This is known as the “Right to be Forgotten'.
innRoad allows a property to “anonymize” all guest information from reservations and accounts.
How can I erase all information of an individual to comply with GDPR?
Step 1: Navigate to Admin> GDPR Tab> and search for the guest by the First Name, Last Name, Email or Phone Number.
Step 2: Select the Reservations and/or accounts that information needs to be erased.
Selecting a Guest Profile will also export the information for all reservations associated to it.
The user can only select information for past reservations where the folio balance is zero.
Step 3: Click on the “Anonymize” Button.
Step 4: Read the Warning Message and click on “Confirm”.
Note:
Once information is anonymized the action cannot be undone. The information is permanently removed from innRoad and cannot be recovered.
Personal documents stored in the documents tab will not be deleted automatically. The property is responsible to delete these manually.
How will I know if the data for a reservation is anonymized?
Below are the indicators that personal data has been removed:
An alert appears in red stating “This reservation has been anonymized”
Guest First and Last name is replaced with “Anonymized”
The Reservation/Account no longer displays any personal information that can identify the individual.
4. The history displays the date, time and user that performed the GDPR anonymization.
Who can export and anonymize data?
Only users that have permissions for “Anonymize Guest Data” & “Export Guest Data” can click on the Anonymize and Export button respectively on the GDPR screen.
Note: This new feature is highly sensitive, therefore it has only been given by default to existing roles/users with the permission for “Update Roles”.
If you wish to provide other roles with this ability then this can be done in Admin>Roles> Special Functions.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article