Protection of personal data in the tourism sector




personal data, individuals, protection, tourism


This research aims to explain certain aspects of the complex legal system of personal data protection. The paper is based on the analysis of domestic and EU regulations that regulate the rights of citizens to the protection of personal data. The paper provides an overview of the obligations that must be fulfilled by tourism entities in order to ensure that the processing of personal data is carried out in accordance with the law. In addition, the risks associated with the processing of personal data and the possibility to ensure the security of data processed by providers of tourist services are listed. The research showed that there are many open questions in the tourism sector regarding the implementation of regulations on the protection of personal data.


Download data is not yet available.


Andonovi?, S., ? Prlja, D. (2020). Osnovi prava zaštite podataka o li?nosti [Basics of the right to protection of personal data]. Institut za uporedno pravo, Beograd, Srbija.

Buhalis, D. (2020). Technology in tourism-from information communication technologies to eTourism and smart tourism towards ambient intelligence tourism: A perspective article. Tourism Review, 75(1), 267–272.

Chatzopoulou, C. I. (2021). GDPR and tourism: Legal framework, compliance and implications for the tourism industry. Economy & Business Journal, 15(1), 125–133.

Davini?, M. (2018). Nezavisna kontrola tela u Republici Srbiji [Independent body control in the Republic of Serbia]. Dosije studio, Beograd.

Feiler, L., ? Forgó, N. (2016). EU-DSGVO: EU-Datenschutz-Grundverordnung, Austria.

Feiler, L., ? Horn, B. (2018). Umsetzung der DSGVO in der Praxis, Austria.

Fercher, N., ? Riedl, E. (2016). Entstehungsgeschichte und problemstellungen aus österreichischer Sicht. In R. Knyrim (Ed.), Datenschutz-Grundverordnung DSGVO - Das neue Datenschutzrecht in Österreich und der EU (pp. 7–30). Austria.

García, L. M., Aciar, S., Mendoza, R., & Puello, J. J. (2018). Smart tourism platform based on micro service architecture and recommender services. In M. Younas, I. Awan, G. Ghinea, ? M. Catalan Cid (Eds.), Mobile Web and Intelligent Information Systems (pp. 167–180). Springer International Publishing.

General Data Protection Regulation 2016/679 (EU GDPR). Retrieved June 15, 2022 from

Gretzel, U., Reino, S., Kopera, S., & Koo, C. (2015). Smart tourism challenges. Journal of Tourism, 16(1), 41–47.

Haidinger, V. (2016). Die Rechte auf Auskunft, Berichtigung, Löschung, Einschränkung und Datenübertragbarkeit. In R. Knyrim (Ed.), Datenschutz-Grundverordnung (pp. 125–136). Austria.

Hladjk, J. (2016). Sachlicher und räumlicher Anwendungsbereich der DSGVO. In R. Knyrim (Ed.), Datenschutz-Grundverordnung DSGVO – Das neue Datenschutzrecht in Österreich und der EU (pp. 39–41). Austria.

Hödl, E. (2018). Art 4 DSGVO. In R. Knyrim (Ed.), DatKomm. Austria.

Hötzendorfer, W., Tschohl, C., ? Kastelitz M. (2018). Art 5 DSGVO. In R. Knyrim, (Ed.), DatKomm, Austria.

Judgment of the First Senate of 15 December 1983 - 1 BvR 209/83. Retrieved July 30, 2022 from

Kastelitz, M. (2016). Grundsätze und Rechtmäßigkeit der Verarbeitung personenbezogener Daten. In R. Knyrim (Ed.), Datenschutz-Grundverordnung DSGVO - Das neue Datenschutzrecht in Österreich und der EU (pp. 99–114), Austria.

K?dzior, M., ? Sadowska, M. (2019). General data protection regulations: Opportunities and risks of the implementation of GDPR in tourism. ACC Journal, 25(3), 71–81,

Law on Hospitality (Official Gazette of RS, No. 17/2019). Retrieved July 15, 2022 from

Law on Personal Data Protection – PDPA (Official Gazette of RS, No. 87/2018). Retrieved July 10, 2022 from

Masseno, M. D., ? Santos, C. (2018). Smart tourism destination privacy risks on data protection: A first approach from a European perspective. Revista Eletrônica Sapere Aude, 1(1), 125–149.

Masseno, M. D., ? Santos, C. (2019). Personalization and profiling of tourists in smart tourism destinations – A data protection perspective. International Journal of Information Systems and Tourism, 2, 7–23.

Pollirer, H. J., Weiss, E. M., Knyrim, R., ? Haidinger, V. (2017). DSGVO, Datenschutz-Grundverordnung. Austria.

Voigt, P., ? Bussche, A. (2017). The EU General Data Protection Regulation (GDPR): A Practical Guide. Springer eBook, Switzerland.




How to Cite

Lučić, S. (2023). Protection of personal data in the tourism sector. Hotel and Tourism Management, 11(1), 193–206.


Similar Articles

1 2 > >> 

You may also start an advanced similarity search for this article.