Question 1

What GDPR obligations do b&bs / guesthouses in Mayo have?

Accepted Answer

B&Bs / Guesthouses in Mayo must appoint a data controller, maintain records of processing activities, implement appropriate security measures, provide privacy notices to customers, and respond to data subject access requests within one month under the Data Protection Act 2018.

Question 2

Can the DPC fine a b&b / guesthouse in Mayo?

Accepted Answer

Yes. The Data Protection Commission can fine any business in Mayo, including b&bs / guesthouses, up to €20 million or 4% of global annual turnover for serious GDPR breaches. Even smaller infringements can result in fines up to €10 million.

Question 3

Do I need a Data Protection Officer for my b&b / guesthouse in Mayo?

Accepted Answer

Not all businesses need a formal DPO, but if your b&b / guesthouse processes personal data on a large scale or handles special category data (like health information), you may be required to appoint one under GDPR Article 37. Even if not mandatory, having someone responsible for data protection is best practice.

Question 4

How do I handle a data breach at my b&b / guesthouse in Mayo?

Accepted Answer

You must notify the DPC within 72 hours of becoming aware of a personal data breach that poses a risk to individuals. You should also notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms.

Question 5

What privacy policy does a b&b / guesthouse in Mayo need?

Accepted Answer

Your b&b / guesthouse needs a clear, plain-language privacy policy that explains what data you collect, why you collect it, how long you keep it, who you share it with, and what rights customers have under GDPR. This must be easily accessible to all customers and staff.

Question 6

Does GDPR apply to small B&Bs in Ireland?

Accepted Answer

Yes, GDPR applies to all businesses that process personal data, regardless of size. A B&B that collects guest names, emails, and payment details is processing personal data and must comply. The DPC does not exempt small businesses from their obligations under the Data Protection Act 2018.

Question 7

Do B&Bs need a privacy policy?

Accepted Answer

Yes, any B&B collecting personal data must provide a privacy notice explaining what data is collected, why, and how long it is retained. This can be a simple document displayed at check-in and on the website. Transparency is a core GDPR principle regardless of business size.

Question 8

Can a B&B use Airbnb without worrying about GDPR?

Accepted Answer

No. While Airbnb has its own privacy obligations, B&B owners remain data controllers for the guest data they receive through the platform. You must have your own privacy policy and should understand the data processing relationship with the platform. A Data Processing Agreement may also be required.

Question 9

How should a guesthouse in Ireland handle guest dietary information?

Accepted Answer

Dietary and allergy information can reveal health conditions and may qualify as special category data under GDPR Article 9. It should be collected only when necessary, stored securely, and deleted after the guest's stay unless there is a reason to retain it for repeat bookings with explicit consent.

Question 10

Do I need CCTV signs at my B&B?

Accepted Answer

Yes, if you operate CCTV at your B&B, you must display clear signage informing guests and visitors that recording is taking place. The signage should include the purpose of the CCTV, the identity of the data controller, and how individuals can contact you. The DPC has published specific guidance on domestic CCTV that B&B owners should review.

GDPR Compliance for B&Bs / Guesthouses in Mayo

Do b&bs / guesthouses in Mayo need to comply with GDPR?

Key GDPR Risks for B&Bs / Guesthouses

Personal Data Your B&B / Guesthouse Processes

Find out your GDPR score in 2 minutes

Required GDPR Policies & Documents

GDPR Compliance Steps for B&Bs / Guesthouses

Common GDPR Mistakes B&Bs / Guesthouses Make

Frequently asked questions

Don't wait for the DPC to come knocking