7 Steps To Ensure GDPR Compliance With iPro Software
What GDPR means for those using iPro holiday rental software
The General Data Protection Regulation (GDPR) is set to have a large impact on the holiday rental industry in the EU. Coming into force on the 25th May 2018, GDPR will overhaul how holiday letting businesses store and process data. Essentially, GDPR will give guests more control over how businesses use their personal data, and there will be hefty penalties for those who do not comply.
Under GDPR, there are ‘controllers’ and ‘processors’ of your guests’ data. Those providing the booking/property management software (such as iPro Software) are the ‘controllers’ – we state how and why you can process all of your data in your business. However, our clients (who manage a holiday rental business) are ‘processors’ – you are the party that is gathering the data and processing it.
We therefore have a responsibility to ensure our software is GDPR compliant, and our clients must also abide by the rules and keep records of their processing activities (which is where we can help!).
What GDPR means – key pointers
- Controllers of data need to ensure personal data is processed lawfully, transparently, and for a specific reason.
- Once this purpose is fulfilled, and you no longer require the data, it should be deleted.
- Consent under GDPR means there is an active, affirmative action by your guests. There is no ‘passive acceptance’, for example a pre-ticked box.
- You need to keep a record of how and when consent was given (this is tracked in iPro) and allow guests to withdraw this whenever they’d like.
- At any time, your guests can have their data deleted if it’s not relevant anymore.
- Your guests have a right to access all of the information your business has on them.
- Your guests have a right to know how long their information is stored for, why it’s being processed, and who gets to see it.
You can find out more about GDPR and what it means here.
Using iPro Holiday Rental Software for GDPR
A unique and useful feature of the iPro Software is the GDPR-compliant Customer Relationship Management (CRM) module. This enables you to collect and track all of your guest information, ranging from contact details, to emails, to booking history – all in one area.
Step 1. Use the guest portal
Your guests can also log in to their very own ‘guest area’ or ‘live portal’, which enables them to update their information, check the status of their booking, pay balances and order extras – to name a few!
From the guest area, your clients can see and remove all of their data in the system, if they would like to. It is important to note, though, that there is a *set length of time for data. For instance, guests can only delete their personal data from the system if they haven’t booked a holiday rental for 12 months.
*This set length of time needs to be in your terms & conditions.
Step 2. Integrate your email
Are you worried about a huge catalog of data stored within your emails? By integrating your email into the iPro system, you can be certain that each email is assigned to a specific contact. Hence, when you click “GDPR delete”, all of this contact information will be removed.
Step 3. Remove contact duplicates
One of the issues with typical holiday rental CRMs is that there are multiple contact records that refer to the same person. People don’t always enter exactly the same information every time they make a booking, after all! To cater for this, iPro has a special ‘dedupe tool’ which analyses contact data in your system, and gives a score factor for those which are potentially the same person.
Data compared includes: Name, email address, address, telephone, mobile. Your score will then be given as a green “70% match” (for example) and the following message will show:
“Hey this is an existing customer, would you like to merge?”
Merging contacts like this enables you to be sure that ALL of the customer data you are seeing is up to date and in one area. Therefore, when you need to remove a contact, you can be confident you are removing their entire data.
Step 4. Know what information remains
Within iPro Software it is easy to delete contacts, or remove contact data upon request. However, it also enables you to retain important historical/financial information. This is NOT personal information. This remaining data enables you to assess how many times a holiday letting has been booked, the value of the booking, and which city/country the booking came from.
Hence, you can be GDPR compliant, but will not lose important historical business data.
Step 5. Ensure PCI Compliance
iPro Software does not store any credit card/financial information within the system.
Every holiday rental business that uses our software will be hosted on an individual database. Therefore, if one database were breached (although highly unlikely), none of the others would be at risk: you are completely independent, and you have maximum security from hackers. This security level is quite atypical for a holiday booking software.
Step 6. Be aware of systems used in addition to iPro
If you are a client of iPro, it is likely you use a variety of systems in addition to our holiday rental software. So think about the other systems where personal customer data is stored: for instance, email marketing, business intelligence platforms, and payment processing programmes. These will all need to be GDPR compliant too! And you need to ensure that, when you delete a record on iPro, you also delete records on these other systems.
As mentioned previously, by hosting emails on iPro Software, you can ensure this client record is entirely deleted. However, if you have concerns for your other providers, you should speak to them directly or get in touch with us for advice.
Step 7. Outline your next steps
- Ensure all of your business systems (in addition to iPro) that store customer information are GDPR compliant
- Create a step-by-step plan on deleting a customer’s data with your team
- Update your T&Cs in iPro
- Make it clear how your guests can remove their data
To find out more about how iPro Software is GDPR compliant, please feel free to contact us here.