What is GDPR? GDPR stands for General Data Protection Regulation. It is an EU regulation that was passed on April 14, 2016 and, after a two year transition period, came into effect on May 25, 2018. It was created to build transparency as to how companies collect, store and share their customers’ and their employees’ personal data. It impacts any company that does business in the EU (domestic businesses as well as those that target goods and services to EU citizens).

Do I have to be compliant?

By law, you must be compliantif you do any business or target customers based in the European Union.

What can happen if I am not compliant with GDPR?

Businesses can be fined up to 4% of their annual turnover or $24.6 million (€20 million), whichever is higher.

GDPR compliance with apaleo

apaleo processes hotel guest data, so it is important that we comply with GDPR regulations. We are fully compliant. We have appointed a person responsible for ensuring that our product and marketing efforts are all compliant.

Customer responsibilities

Hotels are considered as ‘data controllers’ under GDPR, meaning that you determine why and how you are processing customer data. You must also ensure that all vendors which are ‘data processors’ (eg. apaleo) are in compliance with GDPR. apaleo allows you to run your business in compliance with GDPR, but there are still things you need to do, including:

  1. Updating your privacy policy to inform customers about which data you are capturing, why you are processing the data, and who else will have access to the data.

  2. Signing the updated data processing (DPA) from apaleo and other technology providers

  3. Vetting all vendors to ensure that they are GDPR compliant. For proprietary systems, hotels must ensure that they are easily able to delete guest data upon request.

  4. Updating marketing to ensure that emails and mass communication is only sent to customers who have explicitly opted in to receive communication.

If you have any questions about apaleo’s GRPD compliance, please contact our data privacy officer, Andrea Ziegelmüller, at