In 2018 the General Data Protection Regulation (GDPR) was introduced, and, if your business stores personal data (which, let’s be honest, most do these days), you need to comply – or risk heavy fines. If you’ve never heard of the GDPR before, this blog isn’t intended to give you the full rundown, because the internet is awash with descriptions of the new legislation (check out the link above for the official detail). Instead, we’ve decided to gather five of the most common myths about GDPR compliance and debunk them, because there’s clearly still a great deal of confusion over the replacement for the Data Protection Act 1998.

Myth 1: The GDPR is all about personally identifiable data only

The GDPR isn’t solely focused on protecting data that is obviously related to individuals (i.e. their name, address or date of birth).

The legislation also applies to information such as IP addresses and cookie tracking, and this is because the advertising sector no longer treats data of that ilk as anonymous.

Myth 2: The GDPR only applies to new data we collect

Nope. Sorry.

The GDPR applies to all personal data you store and process, no matter when it was collected.

Myth 3: My hotel booking system provider has sole responsibility to remain GDPR compliant – not us

You’re quite right in assuming that the hotel booking system provider needs to be fully GDPR compliant, but there’s a fair bit you’ll need to do, too.

Your hotel will collect and interact with data in a variety of ways, therefore every touchpoint needs to be accounted for, and they won’t all be linked to the hotel booking system.

Equally, even if you’re not physically storing the data yourselves, you’ll still be considered a data controller, and therefore subject to the GDPR’s rules.

Myth 4: The fines are the biggest threat

There’s no escaping the fact that fines of 4% of revenue or £17 million are potentially business-killers, but they should be relatively rare in the UK.

The Information Commissioner’s Office (ICO) has stated that it prefers “the carrot to the stick”, and it’s likely they’ll focus more heavily on companies that flout the laws or fail to notify them when a data breach has taken place.

So, the fines are a threat, but they’re not necessarily the biggest. If you’re hit by a data breach and your lack of GDPR compliance results in serious problems for your customers, the PR consequences could be far worse.

Wrapping up

There’s no escaping GDPR, but, equally, no reason to panic. Use our tips above to remain compliant, and don’t be afraid to call in professional help if you think you need it.


InnQuest Hotel Software is a leading technology provider for the hospitality industry. For over 25 years, innQuest has combined hotelier experience with innovative technology to deliver an all-in-one solution that empowers hotels to attract guests, drive customer loyalty, and increase profits. Our flagship hotel management software, roomMaster, helps manage over 5,500 properties across 100 countries. InnQuest develops scalable solutions ranging from a Hotel PMS, Cloud PMS, Channel Manager, Hotel CRM and helps properties enable guests to Book Direct. We believe that everyone deserves a great guest experience, whether they’re staying at a small B&B, a thousand-room resort, or anywhere in between.

Call us today on +44 (0) 33 0100 1090, or email us at We will be happy to walk you through innQuest’s solutions.

For US, please call +1 813 288 4900 or email