Lay My Hat

Some serious stuff to gen up on, especially if you are not on site and need personal data of your guests forward to you either via the guests or your cleaner/manager for you to send onto the Guardia Civil.
Those who are on site I doubt if we are affected as all details are on paper.
https://www.theguardian.com/technology/ ... ons-secure

https://www.eugdpr.org/

https://ec.europa.eu/info/law/law-topic ... tection_en

The area it could have an implication is taking details via our own websites.

I am having great difficulty understanding how this affects me, if anybody can help I'll be grateful.
At the moment I take details off my guests passports and send them to the Guardia civil online, is there anything else I will have to start doing after May ?

Thanks in advance..

casasantoestevo wrote:Some serious stuff to gen up on, especially if you are not on site and need personal data of your guests forward to you either via the guests or your cleaner/manager for you to send onto the Guardia Civil.
Those who are on site I doubt if we are affected as all details are on paper.
https://www.theguardian.com/technology/ ... ons-secure

https://www.eugdpr.org/

https://ec.europa.eu/info/law/law-topic ... tection_en

The area it could have an implication is taking details via our own websites.

From what you say, you collect personal data from customers and pass them on.
Things to consider:

Where do you store those personal details? Is it secure?
Do you delete or shred when you no longer need them? What is your policy? Is it documented.
Do you have a privacy policy? Is it up to date to include GDPR rather than the old Data Protectin Act?
Have you registered with the ICO as a data controller?

When you pass customer data on. Is it a legal requirment? If so then the data protection laws aren't there to prevent you from doing this but the customer may need to be aware.

If you do direct marketing then you will need a positive consent from the prospective customers. You cannot ask them to unit known a box. You need a tick.

Hope that helps?

GC requires the owners to keep guest records for at least 5 years

casasantoestevo wrote: Those who are on site I doubt if we are affected as all details are on paper.

It does effect your paper records too. All have to be kept securely. And I think you have an added problem in that if someone breaks in and steals them, you might be required to notify the individuals concerned that their personal data has been compromised - and if the paper records have been stolen and you have no copies held in a secure location, how do you do this?

The whole thing is a nightmare in complexity.

I do think that those people who are off-site and require passport details are going to have to put in place a secure way of getting those details and not expect guests to email them. And given that anyone who is "up to no good" can fake a digital image, how are the hosts going to know unless they can see their guest with their passport "in the flesh"

A lot of people have used this as a reason to get everyone on a system. It is nice not to have filing cabinets full of paperwork that you have to keep but will never use again.

As I said previous I fill in the information online to send to the GC, I tick the box to get an acknowledgement that they have received ok.. At the moment I keep my signed copies in a folder on my desk , If I keep these copies from now on in a locked safe is this all that's required ? Or is there something else I have to do ?

Thanks

You should read and study the third link. Lots of FAQs. Also a link to the national authorities in each country which will also have it's own regulations about privacy. Link below.
https://ec.europa.eu/commission/sites/b ... 018_en.pdf

You are under no requirement to register as a date controller with ICO if:

You are only processing personal data for core business purposes ie

Staff administration (including payroll);
accounts or records (ie invoices and payments);
advertising, marketing and public relations (in connection with your own business activity).

Rosie you are correct, in that there is no requirement for a data officer.
However, if you collect data then you still have to comply with this directive.
https://ec.europa.eu/info/law/law-topic ... w-apply_en

In Spain it is a legal requirement to collect personal data to forward onto the Guardia Civil. If I read this correctly, if the business is obliged to collect p.d. under a "local" law it has to be done. However the storage of that data has to be done in a secure way. That may or may not be dictated by the country you are based in. So if you rent out a property away from your home you have to comply with which law? IANL but I feel the storage of that date is governed by the law of the land you are based in.

I will now post information on this thread.
viewtopic.php?t=28496