What is the impact of the DPDP Act on the hotel industry?

The DPDP Act imposes significant penalties for mishandling personal information and grants consumers new rights over their data, prompting hotels to reassess their data handling practices.

What challenges do hotels face with data privacy regulations?

Hotels face challenges in understanding and implementing DPDP Act rules due to the complexities of managing large volumes of personally identifiable information across various arrangements.

Home / Business and Economy / Hotels Scramble to Secure Guest Data Amidst New Law

Hotels Scramble to Secure Guest Data Amidst New Law

Q: Why are hotel owners renegotiating agreements with operators?

Hotel owners are renegotiating agreements to clarify data protection responsibilities under the new DPDP Act and enhance measures against guest data breaches.

9 Feb

•

Summary

Hotel owners are renegotiating operator agreements due to data protection laws.
Industry contracts are decades old, predating current privacy concerns.
The DPDP Act imposes significant penalties for mishandling personal information.

Hotels Scramble to Secure Guest Data Amidst New Law

Several hotel owners are actively renegotiating long-standing agreements with international operators and booking platforms. This effort is driven by the need to clarify data protection responsibilities under the new Digital Personal Data Protection (DPDP) Act, reinforcing measures to prevent guest data breaches.

The industry faces significant vulnerability due to extensive sharing of guest information across multiple stakeholders. Many existing contracts, some spanning two to three decades, were established long before data privacy became a regulatory priority and offer little guidance on data control or breach liability.

The DPDP Act, which came into force last year, imposes substantial penalties for mishandling personal information and grants consumers enhanced data rights. Travel and hospitality companies are finding it challenging to implement these rules due to the complexity of managing personally identifiable information.