Home / Publications / GDPR in hospitality

GDPR in hospitality

are you ready for action?

29 January 2018

The General Data Protection Regulation (GDPR), which applies from 25 May 2018, will bring about a step change in risk for organisations in the Hotel & Leisure sector.

The GDPR will have a major impact on the hospitality industry, bringing with it requirements to change and adapt operations, truly understand the flow of data through businesses in the sector and potentially impact on business models and structure. With possible large administrative fines for breach of GDPR and significant reputational risks from misuse or breaches of personal data, it is key for businesses in the industry to focus on compliance.

Will your organisation be ready to comply?

CMS have complied a Hospitality GDPR Action Pack to provide clients with some useful, practical, tools necessary to better understand some of the new requirements. The pack includes several checklists, and indexed GDPR regulation handbook and a training recording.

The pack includes the following:

  • Towards GDPR compliance for the hospitality industry booklet
  • CMS Hotel GDPR Action Plan
  • EU Data Protection Regulation brochure
  • Indexed GDPR
  • Training podcast and slides aimed at senior management


  • Data processing contracts
  • Information notices and consents
  • Joint controller
  • Flow chart and contract compliance for Hotel Management and Franchise Agreements

For more information on the pack, please contact Global Head of the Sector, Thomas Page.

GDPR in hospitality: are you ready for action?
PDF 283.6 kB