Managing GDPR in your holiday rental
A Guide to Navigating GDPR Compliance for Holiday Rental Landlords
November 2024
The GDPR, meaning General Data Protection Regulation, is an EU-wide law that protects people’s data from misuse. As a holiday rental landlord, it’s very important to stay on the right side of this legislation, but how can you do that? Read on to learn more about the GDPR and how it can affect your business practices.
Which countries are covered by the GDPR?
The GDPR covers all countries in the European Union and has done so since its introduction in 2018. Of course, the UK is no longer a member state of the EU, but if you want people to rent your holiday flat in the UK, you’ll still need to comply with regulations. After Brexit, the UK adopted its own version of the GDPR, which is very similar to the EU law. As such, holiday rental landlords in both the EU and the UK will have the same considerations.
The GDPR focuses on what you do with the data you collect from your guests. It’s important to note that the nature of that data will vary from country to country, depending on national or regional legislation. For example, in 2024, Spain introduced a new law requiring holiday rental landlords to collect a significant amount of personal data from their guests, whereas other countries are more lenient. Regardless of the amount of data you collect, you’ll need to treat it carefully and confidentially. If you do not, you are in breach of the GDPR.
The GDPR and holiday rentals
As a landlord, you will come into contact with lots of sensitive data, including guests’ names, addresses, passport information and contact details. If guests pay for their stay through a holiday rental portal, you may not see their bank information. However, if they pay through your holiday rental website or by using a credit card in person, you may also see some of their banking information.
All of this is covered by the GDPR, and you will need to act carefully to ensure you are not in breach of the law. Here are some ways you can manage GDPR responsibilities:
1) Store data securely
Article 32 of the GDPR covers data storage. You are obliged to keep data safe from risks, such as destruction, loss, alteration or unauthorised disclosure. In practice, that just means keeping the data systems you use secure. For example, you can use secure database software to store data, implement two-factor authentication, or use other measures to protect it.
You may be in the habit of keeping a paper trail of documents. That’s fine, as long as they are stored correctly and safely and disposed of properly. You can’t leave any documents containing personal data lying around where others can see them — and yes, that includes your family members, your property’s cleaners, and so on. When you want to destroy documents with personal data, you should do so using a shredder.
If you want to rent out a holiday flat in Spain, data storage is particularly important. The country’s new law obliges holiday rental landlords to keep guests’ personal information on file for a period of three years. In other countries, you can dispose of personal data far more quickly.
2) Get consent from guests to use their data
You can only use personal data for the reason you have obtained it — in this case, because someone has chosen to rent your house for holidays or short stays. Article 28 of the GDPR makes it clear that you cannot give personal data to a third party without explicit consent from your guests.
There are a couple of scenarios to consider here. Firstly, think about email addresses. When a guest books to stay in your property, you will have access to their email address. You can’t add them to an ongoing marketing list without their explicit permission, but you can contact them to discuss the particular booking they have made.
Secondly, you will need to be compliant if you are sharing your guest’s data with someone else, such as a driver who will pick them up from the airport or a local guide for a tour they’ve booked. It may feel tiresome, but you should always text your guests something like, “John will be waiting for you at 7 pm. May I pass on your phone number to him in case he needs to get in touch with you?” It’s better to do this in writing so that you have proof that you acted appropriately.
3) Write up a privacy policy for your holiday rental
Your privacy policy should be readily available on your website. Every time you advertise your holiday home, include a discreet link to this page, where guests can learn more about your data practices.
When you write a privacy policy, make sure it is in clear, simple English — you want no chance of language barrier issues. Your privacy policy should include:
- The nature of the data you will collect
- How you will store it
- How long you will store it
- What you will use it for
It’s a good idea to include a link to your privacy policy in every email you send to guests. This way, they have easy access to it if needed.
4) Respect guests’ privacy on personal matters
Article 9 of the GDPR forbids you from revealing personal information, including:
- Racial or ethnic origin
- Political opinions
- Religious or philosophical beliefs
- Data concerning health
- Data concerning someone’s sex life or sexual orientation
This is data that you probably won’t store anyway, but you may inadvertently learn about. Do not share it without explicit permission — for example, if a couple stays in your holiday rental, do not post photos of them without consent. Similarly, you may learn about a guest’s medical condition because of questions they had about your rental home’s facilities. Keep this information strictly confidential.
5) Make sure all your staff members are GDPR-compliant
Cleaners, maintenance staff and other workers may discover personal data while on the job. Train them to ensure they follow the same GDPR guidelines as you — as, ultimately, you are the one who may face data protection fines if something goes wrong.
If you fail to comply with these guidelines, you face GDPR penalties. The most common are fines, which can be up to 2% of your business’s entire annual turnover. In addition, the jurisdiction in which your rental is located may set its own punishment. For example, landlords could lose their holiday rental licence if they do not obey the GDPR guidelines. Stay safe, and ask a lawyer if in doubt.