GDPR: A hotelier’s guide, part 3 — 4 pillars of GDPR
Four Pillars of GDPR
The EU GDPR will come into force immediately on 25th May 2018.
Here’s what you, as a hotelier, need to know.
In Part 3 of our month-long GDPR blog series, we’ve broken down the fundamentals into four pillars that will have the biggest impact on hoteliers: Proof of Consent, Right to Data Portability, Right to Erasure, and Right to Refuse Profiling. Don’t be intimidated! In reality, these four pillars offer marketers an opportunity to pay even more attention to the quality of their email marketing efforts, driving better engagement with guests.
Pillar One: Proof of Consent
If these modern times have taught us anything, it’s the power of consent. With GDPR, the EU wants to make sure its citizens and residents have given their explicit consent over how companies use their personal data. And in today’s connected world, personal data is everywhere.
So how do you get proof of consent? First, consent requires an active opt-in. This signals the end of forced opt-in, such as pre-ticked boxes on a form.
At Revinate, we recommend going one step further with a double opt-in approach. With double opt-in, upon signing up for email promotions, an individual receives an email with a verification link. When they click this link, it confirms both their consent and the accuracy of their email address. It also keeps a record of that consent, which is required by GDPR.
Here is a consent checklist you can use to make sure you are in compliance with this pillar:
These techniques also allow hotels an opportunity to build trust and transparency from the onset. No more forced opt-in. No more purchased lists. It’s best practice to only communicate with those guests who actually want to hear from you. This was true long before GDPR entered the picture.
Pillar Two: Right to Data Portability
GDPR gives consumers the “right to data portability.” For hotels, this means a guest has the right to ask a property to provide all the information they have on that particular guest. As a controller, it is your responsibility to be able to provide guests with that information.
Revinate Marketing will offer properties the ability to download all available guest data, including:
- Profile data stored in the Rich Guest Profile (name, address, subscription status, etc.)
- Survey responses
- Stay history
The Revinate Support Team can also do backend downloads of all guest data from our Marketing and Guest Feedback solutions if requested.
Pillar Three: Right to Erasure
Similarly, under the “right to erasure,” a guest has the right to ask a property to delete all their information (on that guest). This essentially erases that guest’s entire existence with that hotel.
Revinate Marketing will offer properties the ability to delete a guest from its records. Deleting a guest means:
- They will no longer appear in segments, stats or the guest database
- They will be added again if they make a new reservation
- They will be added to a log of deleted guests
- The property will be reminded to remove the guest from the Property Management System
Again, our Support Team will also be able to do this on the backend for both Revinate Marketing and Revinate Guest Feedback upon request.
Pillar Four: Right to Refuse Profiling
Last but not least is the “right to refuse profiling.” This gives EU citizens the right to avoid being targeted specifically based on their data. Profiling, as defined by the GDPR, requires an outcome or action of some sort as a result of personal data processing.
For hotels, this may mean that some guests want to receive emails; however, they do not want to be targeted specifically based on their personal data (e.g. segment for “families who have stayed at least twice”).Fortunately, Revinate will make it easy to exclude guests from marketing segments.
In summary, these four pillars of GDPR are expected to have the most significant impact on hoteliers:
It is important to keep these pillars in mind when working with any of your vendors who touch your guest data, such as your CRM, PMS, CRS, booking engine, etc. It is important to keep these pillars in mind when working with any of your vendors who touch your guest data, such as your PMS, CRS, booking engine, etc.
To find out more about GDPR and practical tips for marketing, please refer to the first two parts of our Hotelier’s Guide blog series:
- GDPR: A Hotelier’s Guide, part 1 — Glossary of Terms
- GDPR: A Hotelier’s Guide, part 2 — 5 Ways to Make Sure Your Hotel is Prepared
In part four, we’ll share best practices for getting your existing database contacts to provide their explicit consent through double opt-in. As always, don’t hesitate to reach out to discuss GDPR with a Revinator!