Hotel Registration Form & GDPR in Germany: The Rules Since 2025

The registration form (Meldeschein) is the legally required capture of guest data in German accommodation businesses (Federal Registration Act). Since 1 January 2025, the Bureaucracy Relief Act IV brought a major simplification: the hotel registration duty has been abolished for German nationals — for foreign guests it remains in place. In parallel, the GDPR sets the guardrails for what data a property may collect beyond that and how long it may keep it.

The legal situation since 2025

Guest groupRegistration duty
German nationalsNo registration form required any more (since 1 Jan 2025). Data may still be collected for the property's own purposes (contract, billing) — then GDPR rules apply.
Foreign guestsRegistration form still mandatory: signed on arrival or captured via approved digital procedures; presentation of an identity document. Retention: 1 year from arrival, destruction within 3 months thereafter.
Tourism statistics/visitor taxState and municipal obligations (e.g. guest card, visitor levy) continue to exist independently — check regionally.

As of mid-2026, without guarantee — not legal advice. Clarify details and digital procedures with your system provider or the competent authority.

What the GDPR additionally requires

Practical implementation in digital check-in

The 2025 reform makes self check-in considerably easier: for German guests the signature step disappears entirely; for foreign guests good systems map the digital registration form including document verification. Important in system selection: separate data flows (registration vs. marketing data), automatic deletion after deadlines and EU hosting.

Frequently asked questions

Do I no longer have to register German guests at all?

Under registration law, no. For contract, billing, visitor tax or house rules you may still collect data — then under GDPR rules (purpose, scope, deletion period) and without the registration-form formality.

How long must registration forms be kept?

One year from the arrival date; they must then be destroyed within three months. Digital procedures must implement retention and deletion accordingly.

May the hotel scan the guest's ID?

Generally no — the law provides for presentation for inspection, not a copy. Exceptions are narrow; when in doubt, transcribe the data instead of scanning.

Related terms

Making your check-in process and data flows GDPR-proof?
We review the registration process, PMS settings and deletion concept.
Get in touch →