Data Protection for Hotels - Legal Alert


Friday, 24 January 2020  /  05:15PM  / By Oserogho & Associates / Header Image Credit: LetsLaw



The Hospitality Industry is reportedly the third most targeted Data breach/hacking sector; after the Retail and Financial Services Sectors who come first and second in regard to this menace.


The significance of the above data breach-risk is highlighted by the recent global massive Data Breach of some Hotel Guests Data Information. Though the Hospitality Industry is still arguably playing catch-up, there are some minimum Privacy and Data Protection Laws and Regulations that every business, especially Hotels, that collects, process, stores and retain any Guest Data must familiarise itself with, and adhere to.


Hotel Guests Valid I.D. Check-in

It is a global, standard practice for any Guest checking into a Hotel or other Hospitality Establishment to provide to such a Hotel a Government issued Identification Document ("I. D.") like a Driver's Licence, National Identity Card, Voter's Card, International Passport, etc before any hospitality services are provided to such a Hotel Guest. This practice is also in compliance with the Money Laundering (Prohibition) Amendment Act, among other legislations and regulations on this matter.



A vast majority of Hotels also now require their Guests to pay for the services to be rendered by such a Hotel using the Guest Credit or Debit Card details provided also at the point of check-in at the Hotel.



A large amount of private information or data is collected by each Hotel when their Guests provide to the Hotel copies of their public authority issued identification document and credit or debit card details. Each Hotel, as a Data Controller, must therefore ensure that in their collection of the numerous Data, they familiarise themselves with, and ensure adherence to the various Privacy Data Protection Laws and Regulations.


Rights of Data Subjects

Data Protection Regulations give Data Subjects, like Hotel Guests, the right to ask questions from Data Controllers or collectors regarding how each Subject's Data is collected, processed, stored and retained. Data Subjects also have the right to raise objections as to how their personal Data are collected, processed and stored. The right of a Data Subject to object to the processing or handling of his or her data must be safeguarded at all times.


Data Controllers further now owe Data Subjects a statutory duty of care when collecting, processing, storing and retaining any Data Subject's private information. Data Controllers must accordingly now develop security measures that safeguard the confidentiality and integrity of any data collected or processed from any unlawful and unauthorised access.


Data Protection Policy

Data Protection Laws and Regulations now expressly require any person or organisation ("the Data Controller"), like Hotels and other Hospitality Establishments, to ensure that when they collect, process, store and retain the personal data of any person in the ordinary course of their business transactions with such persons, they must ensure that the use and privacy to such personal data are protected and safeguarded from any unauthorised and unlawful use or disclosures.


Accordingly, all Data Controllers are mandatorily required to publicly publish, in a easily understandable language, their Data Protection Policy, which Policy must disclose among other things what constitutes the Data Subject's consent to the use of such Data, a description of the kind of Data collected, the purpose for the collection of the Data, the technical methods used in processing and storing such data, persons with access to such Data, remedies for any data privacy violation, etc.


In furtherance and adherence to the above statutory duty of care, Data Controllers must also now conduct annual data compliance audits of their Data Privacy Protection Practices; with their Data Compliance Audit Reports mandatorily required to be filed annually, on or before the 15th day of March of each calendar year, with the Data Protection Regulator.


Penalties for Data Breaches

In addition to any criminal liability prescribed by Law, one of the civil penalties for a Data Controller managing more than 10,000 Data Subjects, for a Data Breach, is the greater of a fine of 2% of the Data Controller's Annual Gross Revenue for its preceding year of operation or N10,000,000 (Ten Million Naira).


For a Data Controller dealing with less than 10,000 Data Subjects, the penalty is the greater of 1% of the Data Controller's preceding year's Annual Gross Revenue or the payment of N2,000,000 (Two Million Naira).


Without prejudice to the right of the Data Subject to seek redress from a Court of Law for a Data Breach, a Data Subject can also approach the Regulatory Data Administrative Redress Panel to investigate and proffer appropriate redress within twenty-eight (28) working days of the lodgement of the Data Breach complaint.




Any Data Security Breach has the potential to incur administrative, civil and criminal liabilities. Hotels will therefore do well to mitigate if not eliminate these kinds of risk by adhering to the various Data Protection Regulations, some of which are highlighted above.

Proshare Nigeria Pvt. Ltd.


This is a free educational material. It does not serve as a source of solicitation, advertisement or the offering of legal services or advice of any kind. No Client/Attorney relationship is therefore created. Readers are strongly advised to always seek from qualified Legal Practitioners, competent legal counseling to their specific factual situation.


Intellectual Property Protected!

This material is protected by International Intellectual Property Laws and Regulations. This material can therefore only be reproduced or re-distributed for non-profit educational purposes under the strict condition that our Authorship of this material is explicitly acknowledged, and our above Disclaimer Notice is prominently displayed. [ ]


Proshare Nigeria Pvt. Ltd. 


Related News on Business Regulations

  1. CBi with Action Aid and LCCI to Unveil a MSME Web-based Solution for Ethical Compliance
  2. Appruve Emerges Winner of 2019 Innovating Justice Challenge For West Africa
  3. Nigeria's Business Environment; Survival Of The Fittest
  4. Frequently Asked Questions about Product Registration and Other Incidental Matters at NAFDAC
  5. CBN Automates Nigerian Export Proceeds Form ("Form NXP") for Commercial Exports
  6. CBi Partners Proshare On the Business Action Against Corruption (BAAC) Nigeria Project
  7. Regulatory Conversations 4.0: Forex Restrictions on Food Imports and Implications For The Economy
  8. Non-profit, Non-governmental Organisations Basic Regulations - Legal Alert
  9. Role of Regulation In Establishing Sovereign Governance and Transparency
  10. Drilling Rigs Are Not Vessels: Court Of Appeal Pronounces
  11. Keynote Lecture by Mr. Bolaji Balogun at the 7th Christopher Kolade Lecture on Business Integrity
  12. Stakeholders Explore Deepening Governance and Ethics In Nigeria At CBI 2019 Conference
  13. Drilling Rigs Are Vessels And Subject To The Provisions Of The Cabotage Act - Federal High Court
  14. Hamzat,Balogun, Awoyemi Harp on a Viable Nigerian Governance Model At 7th Christopher Kolade Lecture
  15. Igboro ti Daru: Governance, Leadership, Ethics - How To Build A Thriving Nigerian Economy



Proshare Nigeria Pvt. Ltd.


Previous Legal Alerts

  1. Copyright Protection and Enforcement Rules - Legal Alert - Sept 28, 2019
  2. Non-profit, Non-governmental Organisations Basic Regulations - Legal Alert - Sept 11, 2019
  3. Competition and Consumer Protection Law - Legal Alert - Jun 29, 2019
  4. Oil and Gas Industry Indigenous Content Development Law Revisited - Legal Alert - May 23, 2019
  5. National Data Protection Regulations - Legal Alert - Apr 29, 2019
  6. New Harmonised Code of Corporate Governance - Legal Alert  - Mar 2019
  7. European General Data Protection Regulations - Highlights - Feb 26, 2019
  8. Implementation of Code of Corporate Governance Will Minimize Wastage, Corruption - Osinbajo
  9. FBNQuest Proposed Transfer of FBNQuest Trustees Limited to FBN Holdings Plc
  10. Income Tax Country-by-Country Reporting Regulations, 2018 - Legal Alert


Proshare Nigeria Pvt. Ltd.


Related News - Data Protection & Privacy

  1. The Nigeria Data Protection Regulation - Compliance Requirements
  2. Breach of Nigeria Data Protection Regulation by the Lagos State Internal Revenue Service
  3. How the General Data Protection Regulation Will Affect Your Business
  4. National Data Protection Regulations - Legal Alert
  5. Ownership of Trademarks in Nigeria
  6. Copyright Protection and Enforcement Rules - Legal Alert
  7. European General Data Protection Regulations - Highlights - Feb 26, 2019
  8. How The General Data Protection Regulation Will Affect Your Business - May 22, 2018


Proshare Nigeria Pvt. Ltd.


Related News - Business Regulations, Law & Practice

1.      Reforming Stock Exchange Governance

2.     Nigeria Corporate Governance Code 2020: Ethics, Sustainability Crucial For Companies - Tosin Ajose

3.     Sanctity of Contracts, Key to Attracting Capital Investments Into Nigeria - Soji Apampa

4.     CBI's National Integrity Barometer Will Change Nigeria's Corruption Perception - Soji Apampa

5.     Regulatory Conversations 5.0 - National Integrity Barometer: A Roadmap for 2020

6.     CBI, Action AID, LCCI Collaborate To Strengthen Ethics and Governance For MSMEs In Nigeria

7.      CBi with Action Aid and LCCI to Unveil a MSME Web-based Solution for Ethical Compliance

8.     Appruve Emerges Winner of 2019 Innovating Justice Challenge for West Africa

9.     Nigeria's Business Environment; Survival ff The Fittest

10.  Frequently Asked Questions about Product Registration and Other Incidental Matters at NAFDAC

11.   CBN Automates Nigerian Export Proceeds Form ("Form NXP") for Commercial Exports

12.   DealHQ Partners Hosts Inaugural Enterprise Roundtable

13.   NSE Set to Host 7th Nigerian Capital Market Information Security Forum

14.   Patents: The Fitness and Wellness Industry


Proshare Nigeria Pvt. Ltd.


Related News