Embed Size (px)
Citation preview
A HOTELIER’S GUIDE TO
.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
GAINING MARKETING CONSENT AFTER GDPR
WHAT IS GDPR?The General Data Protection Regulation (GDPR) is comprehensive legislation designed to harmonize data protection law across the European Union. It imposes new regulations for organizations who engage with individuals in the EU, expands individuals’ rights with respect to the processing of their personal data and mandates data security measures appropriate to the risk of processing personal data. It also includes tougher enforcement for violations of the rules. GDPR came into effect on May 25, 2018
GREATER RIGHTS AND CONTROLS FOR INDIVIDUALS IN THE EU ON HOW THEIR DATA IS USED
GREATER ACCOUNTABILITY AND NEED FOR TRANSPARENCY ACROSS ALL ORGANIZATIONS
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
WHAT ISPERSONAL DATA?Personal data is critical for all marketing purposes. ‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.’
90%
2.7
44x
163
zettabytes of data exist in the digital universe today – one zettabyte is 931,322,574,615.48 GB2
of the data that exists in the world today has been created in the last 2 years1
Data production will be 44x greater in 2020 than it was in 20093
zettabytes of data will exist in the world by 20254
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
GDPR - WHAT YOUNEED TO KNOWThese key principles guide how organizations should treat personal data moving forward. Personal data should be:
As a hotel, you are a data controller and any third-party vendors that process data on your behalf are data processors. The controller shall be responsible for and be able to demonstrate compliance with the principles. This means that a hotel processing personal data of individuals from the EU is fully liable for the activities of its vendor (data processor). The location of either the hotel or the vendor plays no role, it is solely based on the location of the individual whose data is being processed.
6 KEY PRINCIPLES OF GDPR
DATA CONTROLER VS DATA PROCESSOR?
6 LEGAL GROUNDS FOR CONSENT
PROCESSED LAWFULLY, FAIRLY AND IN A TRANSPARENT MANNER IN RELATION TO INDIVIDUALS
THE INDIVIDUAL HAS GIVEN CONSENT
COLLECTED FOR SPECIFIED, EXPLICIT AND LEGITIMATE PURPOSES AND NOT PROCESSEDBEYOND THOSE PURPOSES
PROCESSING IS NECESSARY FOR THE PERFORMANCE OF A CONTRACT
ADEQUATE, RELEVANT AND LIMITED TO WHAT IS NECESSARY IN RELATION TOTHE PURPOSES FOR WHICH THEY ARE PROCESSED
IT IS NECESSARY FOR THE CONTROLLER TO COMPLY WITH A LEGAL OBLIGATION
ACCURATE AND WHERE NECESSARY, KEPT UP TO DATE
IT IS NECESSARY TO PROTECT SOMEONE’S LIFE
IT IS NECESSARY FOR THE PURPOSES OF THE LEGITIMATE INTEREST PURSUED BY THE CONTROLLER OR THIRD PARTY
KEPT IN A FORM WHICH PERMITS IDENTIFICATION OF DATA SUBJECTS FOR NO LONGER THAN IS NECESSARY WHILE THE PERSONAL DATA IS PROCESSED
IT IS NECESSARY TO PERFORM A TASK IN THE PUBLIC INTEREST
PROCESSED IN A MANNER THAT ENSURES APPROPRIATE SECURITY OF THE PERSONAL DATA
1
1
2
2
3
3
4
4
6
6
5
5
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .WITHDRAWING CONSENT!
Remember, consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement.
Consent must be as easy to withdraw as it is to provide. When direct marketing to individuals, provide a clear opt-out mechanism from receiving future marketing communications.
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
OBTAINING CONSENTFROM YOUR DATABASE
.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
DETAIL NEEDED FORTRACKING CONSENT
WHO CONSENTED
WHEN THEY CONSENTED
WHAT THEY WERE TOLD AT THE TIME
HOW THEY CONSENTED
IF CONSENT HAS BEEN WITHDRAWN
1
2
3
4
5
ADD PREFERENCES & DETAIL TO YOUR PAGE
CHECK YOUR PRIVACY POLICY
CREATE AN EMAIL PREFERENCE CENTER 21 3
If you do not already have one, create an email preference centre or a subscription page that allows your website visitors to ‘subscribe’ to your marketing communications.
MAKE YOUR PRIVACY POLICY ACCESSIBLE4 On your email subscription page or email preference center - in fact anywhere you provide the option for individuals to sign up - provide a link to your privacy policy. This will emphasize your commitment to transparency and accountability for how you process data.
USE YOUR WEBSITE TO ENCOURAGE VISITORS TO SUBSCRIBE
OBTAIN CONSENT AT EVENTS OR FACE-TO-FACE MEETINGS
5
6
Use your website as a means to drive more visitors to subscribe to your marketing communications:
> Use website overlays and/or pop-ups to drive people to your email preferences page> Add opt-in fields to any forms or registration pages on your website. If doing so, ensure your
privacy policy is visible and it is made clear that users will be subscribing if they opt-in.
Provide an alternative means for people to provide you with consent to market to them. A business card alone is not a means of giving consent to receive marketing communications anymore.
> Provide an accessible online form (on a desktop, mobile or iPad)> Share a printed sheet of paper that includes the details you’d request via the email
preferences center. This can be photographed and added as documentation for an audit trail
Contact us today for a demo of our hotel CRM + digital marketing services. We look forward to hearing from you!
Please note this is not to be treated as legal advice, the information included here is to be treated as best practices only. REFERENCES:(1) IBM Marketing Cloud, “10 Key Marketing Trends For 2017”(2) MarTech – Big Data Brings Marketing Big Numbers(3) Wikibon – The Rapid Growth in Unstructured Data(4) IDC, Data Age 2025
Make sure your email preference center or subscription page allows your website visitors to tailor what communications they receive, if they choose to do so. You can determine these settings by the type of content or interests your guests have at your hotel.
Make sure your privacy policy is up to date and reflects exactly how you intend to process data for your subscribers and guests. The more transparent you can be, the better.
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
BEST PRACTICES FOR OBTAININGCONSENT FOR MARKETING INITIATIVES
.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
CONTACTCENDYN TODAY
VISIT CENDYN.COM
