GDPR: Profitroom systems compliance with EU requirements

GDPR: Profitroom systems compliance with EU requirements

08 March 2018Filip Warguła

For over 10 years, we have provided hotels with tools which let them acquire guests from online bookings. The booking procedure involves processing personal data of guests. Our systems collect, among others, guest's name and surname, address, and contact details. For that reason, we have to pay special attention to the requirements coming into force on May 25, 2018.


GDPR is a new EU regulation which includes a set of rules concerning the storage and management of personal data. The new rules ensure greater security for consumers who increasingly share their personal data with various entities.  At the same time, they expect high security in data processing to maintain privacy.

The compliance with GDPR has been imposed on entities of all the member states. The failure to comply with the rules will result in high fines of up to € 20,000,000 or 4% of the total global annual turnover from the previous financial year.

We have been working to adapt our systems and products to the requirements of the GDPR for many months to make sure that hotels operate in accordance with these rules. The implemented updates not only provide high security for hotel guests but also for hotel employees working with large databases.

What changes have been implemented in Profitroom products?

To ensure full compliance with the GDPR, we are going to implement changes to all key Profitroom products.

Profitroom Booking Engine

  1. Access to guest data for the period of only 12 months. From 25 May 2018, IT systems shall process consumer personal data within a reasonable time limit. In the case of Booking Engine, we decided to enable guest data processing for the period of up to 12 months from the check-out date. After the deadline, guests' personal data will be unavailable. Therefore, we provide hotel guests with a reasonable level of privacy. Guests will receive information about the 12-month data processing period during the booking process. 
  2. New booking regulations. Together with experienced law specialists, we have prepared a new term which the hotel guests have to accept before the booking is made. The content of the terms and conditions will also be available to print or download as a PDF file. The new regulations have been prepared with special attention to all the legal aspects referred to in the new General Data Protection Regulation. We are convinced that the new regulations guarantee enhanced security for both hotels and guests, as well as for bookings made with the use of Profitroom Booking Engine.
  3. Hiding guest data in email notifications. To ensure time-limited access to the guest personal data, we have decided to remove the personal data in the new booking notification which is sent to the hotel mailbox. Every message on the new booking will still contain a link to the booking details included in Profitroom Suite. Such a change ensures that no guest data is processed after the period of 12 months from the date of check-out.
  4. Increased security of data storage. We are going to introduce additional IT security measures to ensure the highest level of security in the storage of personal data. As a result, data reading will be protected against unauthorized use to the highest possible extent. Guest personal data will be encrypted. Access to the data will be available exclusively to users authorized by the hotel.

Do you have questions? Contact us now!

Contact us for more information on the product compliance with GDPR. Please send your questions to