GDPR and Its Impact on Digital Marketing: What We Think We Know

By Leora Halpern Lanz President, LHL Communications | July 15, 2018

Co-authored by Elise Borkan, Boston University School of Hospitality Administration

It is undeniable that GDPR is the current catch phrase and hot topic for global marketers in all sectors. May 25, 2018, marked the official start of the European Union's (EU) General Data Protection Regulation (GDPR) ruling, though businesses and organizations around the world have been managing the potential consequences of GDPR for months; many of us have likely received a barrage of emails indicating company privacy policy updates.

In short, GDPR is defined by the EU's Data Protection Agency and "regulates the processing by an individual, a company or an organization of personal data relating to individuals in the EU" (European Commission). As a result of increasingly concerning practices and determination to protect data, regulations in the European Union have pushed these concerns directly to the surface. A new world of GDPR compliance is now upon us. It is here and we must pay careful attention in order to prevent an infliction of hefty financial penalties or perhaps even damaging negative word of mouth.

Businesses are already faced with the ramifications of GDPR since its recent implementation. Facebook had already been very publicly subjected to questioning by the U.S. Congress and foreign governments to instill a new paradigm of protection of users' private information. Additionally, in our hospitality landscape, several of the large global hotel brands had already been victim to data breaches on a grand scale (Hyatt 2017, Hilton 2017, IHG 2016). The issue of personal data and privacy protection has been rampant and now marketers have to be even more in tuned to potential consequences.

As GDPR impacts all industries globally, hospitality companies must become hyper-aware of their digital marketing practices and management of customer personal data in order to comply with the EU's regulations. While GDPR pertains to various disciplines for a company's collection of data (such as HR needs) marketers, particularly digital marketers must note real issues as it pertains to the following areas:

  • Privacy Policy Updates: Chief marketing officers must ask whether their hospitality business or organization has conducted a privacy policy update since the introduction of GDPR. If not, the clock is ticking and the firm is at risk of a GDPR violation and fine by the European Union. Companies around the world have revised and/or updated privacy policies and informed their customers (email databases) of such updates. Individuals must clearly give consent by clicking a link or checking a box agreeing to new privacy policies for the company to legally collect their personal data and continue to contact them. Companies cannot consider the individual's 'silence' or non-response to a consent request as an affirmative agreement to privacy policies and data sharing.
  • While GDPR is a law that protects European citizens, "every entity that holds or uses European personal data whether they operate inside or outside of Europe" is subjected to the regulations of GDPR and is responsible for complying ( Businesses that have yet to update privacy policies and require their customers and subscribers to actively consent to the continuation of data sharing can face hefty fines. There are two tiers of fines imposed by the EU, and they vary depending on the severity of the GDPR violation. Tier One includes a fine of 2% of a company's annual turnover, or 10 million euros, whichever is higher. If a company cannot prove adequate security practices or does not have an established data processor agreement, a Tier One fine can be filed against that company. Tier Two is even more severe, with a fine of 4% of the company's annual turnover, or 20 million euros, whichever is higher. In situations where data subjects' rights have been infringed upon or breaches of main processing principles have occurred, companies can face a Tier Two fine (
  • Removal of the Automated Decision Making Digital Marketing Ability: Ad targeting is a crucial component of a digital marketing campaign. With GDPR, the manner in which marketers can target ads is significantly impacted. One component of GDPR is the ban on automated decision making: a targeted marketing decision cannot be made by automated means alone; it now requires the need for human involvement. As a result, companies and websites can no longer target ads by drawing assumptions based off of individual's personal data. The term "personal data" encompasses much more than an individual's age, gender, or geographic location. Categories such as social media accounts, workplace or school, phone number, and in some cases, IP addresses, are classified as personal data and are protected under GDPR (
  • Prior to the implementation of GDPR, digital marketers could use personal data to successfully display relevant ads to customers whose profile classified them as likely interested in a product or service. Today, GDPR's requirement of meaningful and explicit consent for data sharing is changing the game for ad targeting. Now that automated decision making is regulated by GDPR and individuals have the ability to opt out of data sharing, digital marketers will have to create new ways to reach their desired markets.
  • Out with Behavioral Profiling. In with Contextual Marketing.  As we know, a substantial implication of GDPR is the ability for an individual to deny companies the ability to access and use their personal data. EU citizens have the right, through GDPR, to keep their personal data protected. For digital marketers, a decrease in the volume of a customer's "stats" and information can be crippling. This allows for behavioral profiling, a strategy that collects data points and forms profiles of desired customers or target markets for a business. Because endless numbers of potential customers can deny access to personal information, marketers will have to look to methods other than behavioral profiling to assist with their marketing efforts.
  • In the May 21, 2018 online edition of the Harvard Business Review, author Dipayan Ghosh explains that "contextual" advertising is the solution to eliminate behavioral profiling. Contextual marketing "displays ads based on the content that a consumer is viewing in real-time." In other words, ads are placed when the context of the ad matches the content of the webpage that an individual is browsing, rather than placing an ad based on how a consumer's personal data matches a behavioral profile. GDPR's introduction of the right of an EU citizen to protect their personal data means that digital marketers will have to be less reliant on behavioral profiling, and instead more comfortable with content-driven targeting methods.

As the rollout of GDPR continues, global hospitality brands (and smaller companies with European citizens in their database) and digital marketing professionals must proceed and carefully navigate the uncertain path ahead. As previously indicated, on May 26th, the day after GDPR went into effect, Google, as well as Facebook and its subsidiaries Whatsapp and Instagram, immediately faced lawsuits for their failure to comply with GDPR. Max Schrems, an Australian lawyer and advocate for data privacy, led the charge of lawsuits against these major companies.

Choose a Social Network!

The social network you are looking for is not available.


Hotel Newswire Headlines Feed  

David Hogan
Robert Rauch
Kathleen Pohlid
Deborah Forrest
John Tess
Steven Ferry
Julian Jost
Lily Mockerman
Richard D. Hanks
Joyce Gioia
Coming up in June 2019...

Sales & Marketing: Selling Experiences

There are innumerable strategies that Hotel Sales and Marketing Directors employ to find, engage and entice guests to their property, and those strategies are constantly evolving. A breakthrough technology, pioneering platform, or even a simple algorithm update can cause new trends to emerge and upend the best laid plans. Sales and marketing departments must remain agile so they can adapt to the ever changing digital landscape. As an example, the popularity of virtual reality is on the rise, as 360 interactive technologies become more mainstream. Chatbots and artificial intelligence are also poised to become the next big things, as they take guest personalization to a whole new level. But one sales and marketing trend that is currently resulting in major benefits for hotels is experiential marketing - the effort to deliver an experience to potential guests. Mainly this is accomplished through the creative use of video and images, and by utilizing what has become known as User Generated Content. By sharing actual personal content (videos and pictures) from satisfied guests who have experienced the delights of a property, prospective guests can more easily imagine themselves having the same experience. Similarly, Hotel Generated Content is equally important. Hotels are more than beds and effective video presentations can tell a compelling story - a story about what makes the hotel appealing and unique. A video walk-through of rooms is essential, as are video tours in different areas of a hotel. The goal is to highlight what makes the property exceptional, but also to show real people having real fun - an experience that prospective guests can have too. The June Hotel Business Review will report on some of these issues and strategies, and examine how some sales and marketing professionals are integrating them into their operations.