The General Data Protection Regulation (GDPR) is here with the law introduced on 25th May 2018.
It’s being implemented to strengthen and unify data protection in the European Union (EU) and could directly affect your hotel.
The GDPR will give more control to residents over their personally identifiable information and aims to simplify the regulatory environment for international business.
Hotels will need to ensure they review their connections to third party data processors (such as technology vendors), their own security policies, and if they have the necessary qualified staff on hand to cope with the new laws.
In general, hotels will hold some or all of the following information: guest names, addresses, date of birth, credit card details, passport details, dietary requirements, medical conditions – and much more depending on your specific property.
Hotels also work with a lot of third parties including caterers, cleaners, channel managers, property management system suppliers, online travel agencies, global distribution systems and more.
The GDPR will dictate all of these must be reviewed and it’s likely data agreements will have to be renegotiated to remain compliant.
As is widely reported, serious penalties may apply to companies who aren’t compliant. At worst, a fine of €20 million may be issued, or 4% of the company’s worldwide annual revenue of the prior financial year – whichever is bigger.
What do hotel marketers need to know about GDPR?
For hotel marketers the new GDPR rules could be especially impactful on their guest databases – particularly in regards to running email campaigns and sending prospective guests promotional offers enticing them to book a room.
Under the GDPR, your prospective guests must explicitly opt-in to having their details stored and they should understand what they are being used for. If you’re looking to send email campaigns with offers to people who haven’t stayed at your hotel previously, these people must have consented willingly to being communicated with.
The key definition is that user consent must be “freely given, specific, informed, and unambiguous.” But what does that mean?
One example is enquiry forms with a checkbox to receive a newsletter with your hotel’s offers should not be ticked by default, assuming that unless the user selects this they do not wish to opt in to your promotional email messages.
For a full list of regulations and definitions, visit this article from marketing experts NewsCred.
What can your hotel do to keep your guest database intact?
Hotels must have regained consent from prospective guests they’re currently sending promotional emails to – and it will need to be clearly explained what content they will receive and how their data will be used.
One way to do this, is for hotels to run a campaign seeking permission to email prospective guests and ask them to opt-in to promotional communications.
This can actually be a positive way to cleanse databases of disengaged contacts and increase your future email conversion rates.
Here’s what you should include in the initial email of these permission pass campaigns:
- Why you are emailing the contact
- A valuable reason for them to opt-in
- What they will continue to receive if they do opt-in
- A link to re-subscribe
- An option to unsubscribe and have their data removed
- A sign-off from a real person such as your general manager
You should always A/B test your email, trying different variations to see what will garner the most success.
And a last chance follow-up email should be sent, reiterating what was stated in your initial communication, to the people who did not respond. They’ll need a reminder.
You will also need to review and update your privacy statement to comply with GDPR requirements. Is the content in your privacy statement difficult to read? Or are you purposefully using terminology so that potential guests are not clear about what they’re signing up for? If so, rewrite it and make it clearer.
Privacy policy templates are readily available for free online if your hotel website doesn’t have one already. If you think it needs rewriting to comply with the GDPR, SEQ Legal provides a free template privacy policy, subject to certain conditions. You can read more on that template here.
Disclaimer: SiteMinder does not give legal advice. This article is not legal advice and is written for information purposes only. All hotel businesses are different and so we recommend you consult with a lawyer to make sure you’re compliant with the appropriate laws. It should not be relied upon and does not replace the need for legal advice. SiteMinder is not liable for any actions taken based on this article.