How you can make sure your hotel marketing is GDPR compliant

Posted

Hotel marketing that is GDPR compliant

The General Data Protection Regulation (GDPR) is just around the corner now, with the law to be introduced on 25th May 2018.

It’s being implemented to strengthen and unify data protection in the European Union (EU) and could directly affect your hotel.

The GDPR will give control back to citizens and residents over their personal data and aims to simplify the regulatory environment for international business.

Hotels will need to ensure they review their connections to third party data processors (such as a technology vendor), their own security policies, and if they have the necessary qualified staff on hand to negotiate the new laws.

In general, hotels will hold some or all of the following information: guest names, addresses, date of birth, credit card details, passport details, dietary requirements, medical conditions etc.

Hotels also work with a lot of third parties including caterers, cleaners, channel managers, property management system suppliers, online travel agencies, global distribution systems and more.

The GDPR will dictate all of these must be reviewed and it’s likely data agreements will have to be renegotiated to remain compliant.

As is widely reported, serious penalties will apply to companies who aren’t compliant. At worst, a fine of €20 million may be issued, or 4% of the worldwide annual revenue of the prior financial year, whichever is bigger.

What do hotel marketers need to know about GDPR?

For hotel marketers the new GDPR rules are especially impactful on their guest databases – particularly in regards to email.

Under the GDPR, your guests must explicitly opt-in to having their details stored and understand what they are being used for. They must also consent willingly to being  communicated with, meaning many email lists could dwindle significantly if hotels aren’t proactive in reaffirming their right to communicate with guests.

The key definition is that user consent must be “freely given, specific, informed, and unambiguous.” But what does that mean? One example is enquiry forms with a checkbox to receive a newsletter with your hotel’s offers should not be ticked by default, assuming that unless the user selects this they do not wish to opt in.

Individuals should also be aware of who is collecting their information, the purpose of collection, and exactly what they are consenting to. Consent to be emailed must be given explicitly.

For a full list of regulations and definitions, visit this article from marketing experts NewsCred.

Under the GDPR, your guests must consent willingly to being communicated with, meaning many email lists could dwindle significantly if hotels aren’t proactive in reaffirming their audience. Click to Tweet

What can your hotel do to keep your guest database intact?

Hotels will have to regain consent from anyone they’re currently communicating with to continue doing so, and it will need to be clearly explained what content they will receive and how their data will be used.

To do this, hotels must run a campaign seeking permission to email guests – both existing and prospective – and ask them to opt-in to communications.

In a way this can actually be a positive way to cleanse databases of disengaged contacts and increase your future email conversion rates.

Here’s what you should include in the initial email of these permission pass campaigns:

  • Why you are emailing the contact
  • A valuable reason for them to opt-in
  • What they will continue to receive if they do opt-in
  • A link to re-subscribe
  • An option to unsubscribe and have their data removed
  • A sign-off from a real person such as your general manager

You should always A/B test your email, trying different variations to see what will garner the most success.

And a last chance follow-up email should be sent, reiterating what was stated in your initial communication, to the people who did not respond. They’ll need a reminder.

You will also need to review and update your privacy statement to comply with GDPR requirements. Is the content in your privacy statement difficult to read? Or are you purposefully using terminology so that potential customers do not know what they are signing up for? If so, rewrite it and make it easy to read.

Privacy policy templates are available for free online if your hotel website doesn’t have one already. If you think it needs rewriting to comply with the GDPR, you can use a template for free from SEQ Legal, as long as you credit them within the policy itself. Read more on that template here.

Subscribe to the SiteMinder blog for hotel industry news

Thanks for sharing

Sign up to our blog and receive regular updates on the content you're into

Send this to a friend