GDPR and the hotel sectorFor example, when a consumer signs-up for Spotify and they want to use their Facebook login for ease, Spotify receives their contact info, who their friends are, location, and other details. And in return Facebook receives details on the consumers’ music tastes. However, this unchecked spread of personal information will soon be in for a change. According to GDPR, all businesses; including hotels, will soon need to know exactly where they get data from, to whom they send it, and what they do with it internally.

What is GDPR?

GDPR is an acronym for General Data Protection Regulation. It is an EU regulation that will come into effect on May 25, 2018, and generate the biggest changes in data protection in the EU since 1995. GDPR was created to bring as much uniformity into data protection as possible and is a regulation far better suited to the challenges today’s digital world poses.

But what does this mean for hotels?

Currently, the rules around collecting guest (or potential guest) data are somewhat flexible. Hoteliers can be smart with wording and use “opt-outs” and implicit consent to swiftly enrol customers up to various newsletters and email campaigns. Generalised consent requests can be used to sign people up to any number of subscriber lists, resulting in multiple ways that a hotel group can reach potential guests.

That is all changing under the GDPR. Explicit consent means that hotels must: explain to the customer what data you are capturing (the nature of the data), explain to the customer why you are capturing that data (the purpose of the data) and explain to the customer who is requesting that data (the identity of the Data Controller) and who else will have access to this data. The end result is that the person you are seeking to collect data from completely understands what data you want and what you plan on doing with it. The customer can then give you unambiguous consent.

However, the tricky part for hoteliers is that the consent someone gives you only applies to the purpose you have explicitly declared. In the past, hotel marketers could source the email address once and then reuse it across campaigns and newsletters alike. However, with the new GDPR laws coming into place, this is no longer the case. If you have captured the email for a newsletter, then you have to ask for explicit consent again for the email campaign, and so on.

All of which makes marketing to EU residents, or people in the EU more challenging which could restrict the number of guests you get through the door. However, on the positive side, those who do give consent are likely to be more engaged guests.

What does GDPR mean for non-EU hotels?

Consider this: If you are a Singapore-based hotel but selling to EU travel agents and third-party wholesalers based in Europe, you will fall under GDPR. Even more confusingly, what about if you are US hotel company not directly selling through partnerships with EU based companies, but do collect analytics data on EU located visitors?

It is true that non-EU based hoteliers process personal data according to their local data protection regulations. However, there are specific situations in which non-EU companies will have to comply with GDPR requirements.

From a hotel digital marketing perspective, if you are monitoring the behaviour of users that takes place within the EU, such as booking trends out of Germany, you have to comply with the requirements of GDPR. This affects the use of different types of web analytics tools, as well as tracking for personalisation and retargeting purposes. It applies to website visits from users that are in the EU, regardless of whether they are EU citizens or not.

As in many cases, GDPR will apply to hoteliers even outside of the EU, having systems such as a CMS that can distinguish between visitors based within and outside the EU is of great benefit. This means that, based on geolocation, they do not use analytics on those EU-based visitors without obtaining their consent stating they agree for the site to track their web behaviour.

What does GDPR mean for your marketing efforts?

GDPR will have an impact on a number of ways in which hotels seek to attract guests from the EU. The first area for consideration is user experience. Explicit consent isn’t something that can be casually slipped in. It will have a big impact on user experience design.

Hotels in the future won’t be able to use simple, general statements or links off to other pages. They will have to be explicit and clear, which means presenting the customer with large datasets of information before they give you the consent. They shouldn’t have to work to find the information. It needs to be upfront and clearly presented.

The challenge from a digital marketing perspective is that hotels have to be completely transparent with the customer, but this can lead to bloated copy being displayed on websites and other critical marketing platforms, ultimately detracting from the user experience. The shift from implicit consent and opt-outs to explicit consent will bring some disruption to the typical user experience design patterns. The challenge is to cover compliance while ensuring that simplicity of navigation is retained from the customers’ perspective.

Creating the best possible user experience, while being GDPR compliant will require some work. The starting point is to identify areas of your hotel’s website where you are requesting consent from the guest, e.g., sign up for the newsletter, or special deals. Each area can then be discussed in detail to understand why you are collating that information and how it will be used, which can then, in turn, inform both the copy and the user experience design.

The questions you need to ask

With the imminent introduction of GDPR, are you aware how the laws will impact the way in which your hotel operates? Even if you are based in Asia or North America, are you aware that the laws could influence your ability to collect data and attract guests from the EU? All hoteliers have the potential to be impacted in some way by GDPR, regardless of size, or location. It is those properties that move to understand the law and become compliant today, that will see them succeed in the new digital world tomorrow.


About the author

Wayne Jasek

Wayne Jasek is Director of APAC Operations for Kentico. He specializes in helping hoteliers deliver exceptional online experiences that turn visitors into customers.