Just two weeks remain to ensure your business is GDPR compliant.
Firstly, it’s important to understand that The General Data Protection Regulation (GDPR) comes under the description of being ‘principles-based regulation’, meaning it is not 100% prescriptive and must be interpreted and applied with thought and relevance by each hotelier. The purpose of the new regulations is to strengthen and unify the data protection for individuals within the EU, with also the view to harmonise the data protection laws across the member states (including Switzerland and the UK after Brexit).
As an accommodation provider working in a very busy digital world, you’ll know that data is at the heart of your operations: ensuring you’re able to support the increasing digital economy; build trust; and to respect your guest’s data from exposure to risk that their personal data will be compromised or misused.
The GDPR Regulations came into law on 24 May 2016 but take full effect from 25 May 2018. The regulation is intended to ensure personal data is managed on both a fair and lawful basis that is transparent.
What does the GDPR actually mean for you?
There is a significant increased burden of good management, security and governance of personal data. This will require you to understand your obligations as a business in relation to your customer personal data and the responsibilities of any third-party suppliers that carry out the responsibilities of a Data Processor for your property.
The complicated area for hoteliers is that, the consent someone gives you only applies to the purpose you have explicitly declared. In the past, hotel marketers could source the email address once and then reuse it across campaigns and newsletters alike. However, with the new GDPR laws coming into place, this is no longer the case. So for example, if you’ve captured the email for a newsletter, then you have to ask for explicit consent again for the email campaign.
What can I do now to ensure compliance before the deadline?
Re-permission emails
Many hotels have already reached out with emails to customers asking them to re-opt in. This allows customers to make clear cut decisions with their data and also reminds your customers that their information is being held by your hotel, allowing them to opt out. It’s paramount to choose the wording carefully in such emails so that customers know what they are agreeing to receive and tick the box confidently.
A good example of this is from Hilton Honors. An opt-in email was rolled out in early April with the subject ‘Important information about your Hilton Honors Account’. The email was informative and to the point, it linked through to a landing page with the significant unchecked opt-in boxes. Once the decision is made a final confirmation pop up appears which ensures a confident and conscious decision by the customer. No data entry, no need to check your personal details – this was purely to gain permission to continue contacting their Honors members.
Once completed, you’re taken to a success page to confirm your preferences have been recorded.
Of course, Hilton’s complex systems make this process easier than an independent hotel or serviced apartment operator might find. However by integrating your email service provider (such as MailChimp) with your property management system or CRM (if you use one), you’ll be able to easily get your customers to confirm their data and it’s instantly updated in your system.
Confirmation pop ups
The challenge from a digital marketing perspective is that hotels have to be completely transparent with the customer, but this can lead to lengthy copy being displayed on websites, ultimately detracting from the user experience.
A small detail, but albeit, one that is paramount to build and/or maintain the trust of your customers is adding a confirmation pop up after details have been inputted allowing your customers to make an informed decision of data retention, and also speaks volumes on the transparency of your hotel as opposed to small print at the bottom of the screen that could easily be overlooked.
Update your privacy policy
Another important early move. The GDPR is raising the bar for data consent and your privacy policy should be revisited and updated however much of a burden it might appear to be!
Avvio clients can download support documents for this by logging in and accessing the Help Desk.
N.B. Please note that we are not authorities on data protection and privacy Law, so we would recommend you seek further legal advice if you are concerned about how your organisation handles personal data.
