The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It addresses the export of personal data outside the EU. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
It was adopted on 27 April 2016. It becomes enforceable on 25 May 2018, after a two-year transition period. The GDPR replaces the 1995 Data Protection Directive.
Because GDPR is a regulation, not a directive, it does not require national governments to pass any enabling legislation and is directly binding and applicable.
Revinate, a leading Email Marketing Service for Hoteliers, breaks down the regulation into four pillars to offer marketers an opportunity to pay even more attention to the quality of their email marketing efforts, driving better engagement with guests.
Pillar One: Proof of Consent
If these modern times have taught us anything, it’s the power of consent. With GDPR, the EU wants to make sure its citizens and residents have given their explicit consent over how companies use their personal data. And in today’s connected world, personal data is everywhere.
So how do you get proof of consent? First, consent requires an active opt-in. This signals the end of forced opt-in, such as pre-ticked boxes on a form.
At Revinate, we recommend going one step further with a double opt-in approach. With double opt-in, upon signing up for email promotions, an individual receives an email with a verification link. When they click this link, it confirms both their consent and the accuracy of their email address. It also keeps a record of that consent, which is required by GDPR.
Here is a consent checklist you can use to make sure you are in compliance with this pillar:
These techniques also allow hotels an opportunity to build trust and transparency from the onset. No more forced opt-in. No more purchased lists. It’s best practice to only communicate with those guests who actually want to hear from you. This was true long before GDPR entered the picture.
Pillar Two: Right to Data Portability
GDPR gives consumers the “right to data portability.” For hotels, this means a guest has the right to ask a property to provide all the information they have on that particular guest. As a controller, it is your responsibility to be able to provide guests with that information.
Revinate Marketing will offer properties the ability to download all available guest data, including:
- Profile data stored in the Rich Guest Profile (name, address, subscription status, etc.)
- Survey responses
- Stay history
The Revinate Support Team can also do backend downloads of all guest data from our Marketing and Guest Feedback solutions if requested.
Pillar Three: Right to Erasure
Similarly, under the “right to erasure,” a guest has the right to ask a property to delete all their information (on that guest). This essentially erases that guest’s entire existence with that hotel.
Revinate Marketing will offer properties the ability to delete a guest from its records. Deleting a guest means:
- They will no longer appear in segments, stats or the guest database
- They will be added again if they make a new reservation
- They will be added to a log of deleted guests
- The property will be reminded to remove the guest from the Property Management System
Again, our Support Team will also be able to do this on the backend for both Revinate Marketing and Revinate Guest Feedback upon request.
Pillar Four: Right to Refuse Profiling
Last but not least is the “right to refuse profiling.” This gives EU citizens the right to avoid being targeted specifically based on their data. Profiling, as defined by the GDPR, requires an outcome or action of some sort as a result of personal data processing.
For hotels, this may mean that some guests want to receive emails; however, they do not want to be targeted specifically based on their personal data (e.g., segment for “families who have stayed at least twice”). Fortunately, Revinate will make it easy to exclude guests from marketing segments.
In summary, these four pillars of GDPR are expected to have the most significant impact on hoteliers:
It is important to keep these pillars in mind when working with any of your vendors who touch your guest data, such as your CRM, PMS, CRS, booking engine, etc.
Thank you for reading. Until next time, this is Manuel Gil del Real.
Sources: Wikipedia; Revinate