· 6 min read · Karsten Silz Karsten Silz

GDPR for hosts: what you need to know

Data protection doesn't have to be complicated. The key rules for holiday apartment hosts.

GDPR — the word triggers unease in many hosts. Complicated rules, threatened fines, unclear obligations. Yet for holiday apartment hosts the reality is more manageable than you might think. The core question is simple: how do you handle your guests' data?

This article explains the key points — without legal jargon and without claiming to be exhaustive. For specific legal questions please consult a lawyer.

What hosts need to consider

If you run a website and process guest data, the following obligations apply:

  • Privacy policy — required for every website that processes personal data. This includes contact forms or booking enquiries. The policy must describe what data you collect, why, and how long you retain it.
  • Imprint (legal notice) — required for every commercially used website in Germany. Full name, address, email, and optionally phone number must be provided.
  • Cookie banner — needed if you use analytics tools such as Google Analytics or set tracking cookies. Purely functional cookies (e.g. for a booking form) do not require a banner.
  • Guest data and registration — you may collect name, address, and travel dates to comply with statutory registration requirements. This data must be stored securely and deleted after the legal retention period expires.

Common mistakes

In practice we keep seeing the same problems:

  • No imprint — or one that is incomplete. Most common: missing email address or incorrect legal form.
  • Guest data in Excel spreadsheets — unencrypted on a desktop, without access control. A lost laptop and the data is gone — or in the wrong hands.
  • Emails with open CC — when you write to multiple guests at once and everyone is in the CC, everyone can see who else is there. Always use BCC.
  • Google Analytics without cookie consent — widespread but not compliant. Anyone using analytics tracking needs active user consent.

How to do it right

Good news: with the right tools, GDPR compliance is not a big effort.

  • Website with built-in privacy — use a solution that comes with an imprint, privacy policy, and cookie banner already included and kept up to date.
  • Store guest data securely — no unencrypted Excel files. Use a booking system that stores data encrypted and manages access rights.
  • Observe deletion periods — registration data must be deleted after check-out and once the legal retention period has passed. A good system reminds you or handles it automatically.
  • BCC instead of CC — for every bulk email to guests.

What MeineFeWoSeite takes care of for you

With MeineFeWoSeite, privacy is built in from the start — no thinking, no reworking.

  • Imprint generator with all required details
  • Privacy policy that fits your website and booking system
  • Cookie banner that only appears when it is genuinely needed
  • Guest data stored securely and encrypted in the host portal
  • Regular review and updating of legal texts

You don't have to worry about any of this yourself. That's the point.

Summary

GDPR is not a monster for holiday apartment hosts. The requirements are clear, and with the right solution you meet them automatically. No lawyer, no extra effort, no sleepless nights.

Try MeineFeWoSeite for free — including all privacy features.

Try for free now →