Hotel Data Security - An introduction to PCI and GDPR compliance

Thank Hospitality that we live in a time where most booking channels and hotel management software can be integrated and managed from one single point. That said, this makes it easy to forget in how many different places your guests' data is actually retrieved and stored. The growing number of online distribution channels that hold personal data and pass it to hotels makes hotel data security a more important topic than ever.


Guest data is not limited to credit card details (covered by PCI-DSS, the Payment Card Industry Data Security Standard); it also includes all other personal data such as names, addresses, travel details and profile information (covered by GDPR, the General Data Protection Regulation). Since your property is linked to multiple sources that handle guest data, such as (online) travel agencies, a Channel Manager and a PMS and/or CRS, this is something you need to be especially aware of. Because so much personal information is concentrated in these systems, the hospitality industry is vulnerable to attack.



Trustwave published a 2016 article showing that the hospitality sector had the second-largest share of data incidents by industry, at 14%. Booking channels and online distribution providers are not the only ones that can be held accountable for this increase; internal facilities such as the hotel's Wi-Fi network are also risk factors, because they carry a lot of guest and hotel data.

Because of these increasing risks, distribution vendors need to uphold strict security regulations. Your job is not only to find the right vendor based on their unique offer and fit with your hotel, but also to check whether they are PCI and GDPR compliant. Your guests expect you to follow the same security rules. They might not be acquainted with terms like PCI and/or GDPR, but they are aware of hacking risks and are not always willing to provide all their personal information. As such, hotels have a heightened responsibility to protect this information at all costs. This means that your hotel needs to safeguard digital data by adhering to strict guidelines.


What are the consequences of not meeting the security standards?

Imagine a data security breach at your hotel that puts guest info and credit card details out in the open. Besides high financial charges, the hotel suffers huge losses in brand reputation. Especially if you are connected to a franchise chain, the consequences could be severe. If you accept credit card payments, you are legally obliged to comply with PCI. If you fail to meet these obligations, you can lose your right to accept credit card payments. The results of this are self-explanatory in today's online payment landscape.



How do I check if my hotel is PCI and GDPR compliant?

PCI Compliance

The Payment Card Industry Data Security Standard (PCI-DSS) is an international security regulation developed in cooperation with credit card companies. To ensure credit card data remains as secure as possible, PCI-DSS offers a guideline with 12 central security areas. It consists of steps that mirror security best practices.

With a few steps, you can check if you meet the requirements of PCI-DSS compliance. We do suggest getting in touch with a specialized office to help you with your hotel security.


GDPR compliance

From 25 May 2018, GDPR (General Data Protection Regulation) will be implemented in the European Union. This regulation was adopted on 27 April 2016 to extend and strengthen the rights of all EU citizens and residents concerning the collection, storage and processing of their personal data by companies and organizations. Personal data includes an extensive list of details such as a person's name, passport number, bank account number, email address, IP address, etc.

With a few steps, you can check if you meet the requirements of GDPR compliance. We do suggest getting in touch with a specialized office to help you with your hotel security.




About SmartHOTEL

For more than 16 years, SmartHOTEL has been helping hoteliers navigate the exciting world of online distribution. From our office based in the Netherlands and the United Kingdom, our team serves independent hotels, hostels and chains worldwide by providing channel management and tailored online distribution solutions. A lot has changed over the last years, but our goal remains the same: simply connect hotels to the world. For any questions regarding our services, please contact us at or call +31 (0)182 75 11 18.


By Sebastiaan | February 28, 2018
