Please note that this is not a legal advice but an introductory guidance and we strongly recommend that the hostel obtains the legal advice for its specific use of guests' data.


1. It is the hostel who is a data controller and it is the hostel which must ensure the compliance with GDPR while using blacklist or global blacklist.

2. In all cases property must explicitly inform the guest how it will use his/her data e.g. by saying:

"We will have your data until 7 days from your check-out or until your last payment, exclusive the data necessary for fiscal documents which need to be stored for 4 years"

(just an example).

3. In case the hostel uses the blacklist, the list is just one of the uses of the data and the customer should be explicitly informed about it. For instance, the hostel may:

- provide terms and conditions of the stay as a printout during the check-in (FrontDesk Master can generate printouts per guest automatically!) or

- the hostel may require accepting the terms and conditions electronically e.g. during the booking process on the website or on OTAs. 

- hostel may want to include the terms and conditions in the confirmation email additionally to ensure the guest was given the opportunity to get familiar with them.


However, to our knowledge the information shall be explicit, it means it must explain that: ""if you break the rules of the stay or leave without payment we will maintain your data (name, surname, email and ID document) in the blacklist for 5 years and the blacklist will be shared with other properties listed on Booking.com". Note! The format and the content of such information must be confirmed and structured by the professional legal council. 


If the hostel does not communicate it to the hostel or gives a clear enough option to find out then to our knowledge it is illegal to store European citizens data. In this case the fact of storing and collecting the data and using them without guest's knowledge is illegal not the existence of the blacklist tool by itself. 


Unfortunately, FrontDesk Master cannot provide legal advice and in  our experience and to our knowledge it is necessary that you consult with the lawyer  for your specific case.


Note! The global blacklist functionality was phased out. Please check how does the local blacklist work.