Transferring data now must be fully transparent to the consumer, and all of the ways a property uses the data must be explicit. For example, if a traveler agrees to receive a newsletter, they do not, by default, also agree to receive all promotions or correspondences from a property.

Properties and their partners must encrypt personal data to protect the consumer’s identity and ensure that appropriate measures are taken to safeguard the integrity of that data. This is a lot to take in and execute for any hospitality business.

But the EU measures are just the beginning of widespread consumer data reform.