Under the DPDP Act, hotels are responsible for handling guests' personal information securely. Collecting government-issued ID documents through a staff member's personal phone or WhatsApp creates unnecessary privacy risks, as there is no centralized storage, limited access control, or reliable audit trail to demonstrate how the information was handled.
A more secure approach is to digitize the check-in process by allowing guests to upload their ID through a secure digital form. The document is stored directly in a centralized, access-controlled repository instead of passing through personal devices. This ensures only authorized staff can access the document, while every upload and access is logged for audit purposes.
Need help implementing a DPDP Compliance Solution? Talk to the miniOrange team.