How the hotel industry has adapted to GDPR
The European Union's General Data Protection Regulation went into effect in May 2018, but many companies outside of Europe are still playing catch up.
The GDPR was implemented last year and every company it applied to should have been fully compliant by then, said Finn Schulz, principal at Schulz Consulting, an independent technology consultancy in the EU.
"The (U.S.) hotel industry more looked at it as a starting point," he said. "Slowly, surely, they're getting the processes in place."
Brand pushes
Because it was clear that the GDPR would apply to European hotels, European hoteliers are much further ahead in being compliant with the data privacy law, said Sandy Garfinkel, attorney at Eckert Seamans and chairman of the firm's data security and privacy group. The U.S. hotel industry has been a mixed bag, with many companies conducting an analysis to determine whether they would need to comply with the GDPR. There was some resistance to the idea, he said.