GDPR and Its Impact on Digital Marketing: What We Think We Know

By Leora Halpern Lanz President, LHL Communications | July 15, 2018

Co-authored by Elise Borkan, Boston University School of Hospitality Administration

It is undeniable that GDPR is the current catch phrase and hot topic for global marketers in all sectors. May 25, 2018, marked the official start of the European Union's (EU) General Data Protection Regulation (GDPR) ruling, though businesses and organizations around the world have been managing the potential consequences of GDPR for months; many of us have likely received a barrage of emails indicating company privacy policy updates.

In short, GDPR is defined by the EU's Data Protection Agency and "regulates the processing by an individual, a company or an organization of personal data relating to individuals in the EU" (European Commission). As a result of increasingly concerning practices and determination to protect data, regulations in the European Union have pushed these concerns directly to the surface. A new world of GDPR compliance is now upon us. It is here and we must pay careful attention in order to prevent an infliction of hefty financial penalties or perhaps even damaging negative word of mouth.

Businesses are already faced with the ramifications of GDPR since its recent implementation. Facebook had already been very publicly subjected to questioning by the U.S. Congress and foreign governments to instill a new paradigm of protection of users' private information. Additionally, in our hospitality landscape, several of the large global hotel brands had already been victim to data breaches on a grand scale (Hyatt 2017, Hilton 2017, IHG 2016). The issue of personal data and privacy protection has been rampant and now marketers have to be even more in tuned to potential consequences.

As GDPR impacts all industries globally, hospitality companies must become hyper-aware of their digital marketing practices and management of customer personal data in order to comply with the EU's regulations. While GDPR pertains to various disciplines for a company's collection of data (such as HR needs) marketers, particularly digital marketers must note real issues as it pertains to the following areas:

  • Privacy Policy Updates: Chief marketing officers must ask whether their hospitality business or organization has conducted a privacy policy update since the introduction of GDPR. If not, the clock is ticking and the firm is at risk of a GDPR violation and fine by the European Union. Companies around the world have revised and/or updated privacy policies and informed their customers (email databases) of such updates. Individuals must clearly give consent by clicking a link or checking a box agreeing to new privacy policies for the company to legally collect their personal data and continue to contact them. Companies cannot consider the individual's 'silence' or non-response to a consent request as an affirmative agreement to privacy policies and data sharing.
  • While GDPR is a law that protects European citizens, "every entity that holds or uses European personal data whether they operate inside or outside of Europe" is subjected to the regulations of GDPR and is responsible for complying (eugdprcompliant.com). Businesses that have yet to update privacy policies and require their customers and subscribers to actively consent to the continuation of data sharing can face hefty fines. There are two tiers of fines imposed by the EU, and they vary depending on the severity of the GDPR violation. Tier One includes a fine of 2% of a company's annual turnover, or 10 million euros, whichever is higher. If a company cannot prove adequate security practices or does not have an established data processor agreement, a Tier One fine can be filed against that company. Tier Two is even more severe, with a fine of 4% of the company's annual turnover, or 20 million euros, whichever is higher. In situations where data subjects' rights have been infringed upon or breaches of main processing principles have occurred, companies can face a Tier Two fine (eugdprcompliant.com).
  • Removal of the Automated Decision Making Digital Marketing Ability: Ad targeting is a crucial component of a digital marketing campaign. With GDPR, the manner in which marketers can target ads is significantly impacted. One component of GDPR is the ban on automated decision making: a targeted marketing decision cannot be made by automated means alone; it now requires the need for human involvement. As a result, companies and websites can no longer target ads by drawing assumptions based off of individual's personal data. The term "personal data" encompasses much more than an individual's age, gender, or geographic location. Categories such as social media accounts, workplace or school, phone number, and in some cases, IP addresses, are classified as personal data and are protected under GDPR (eugdprcompliant.com).
  • Prior to the implementation of GDPR, digital marketers could use personal data to successfully display relevant ads to customers whose profile classified them as likely interested in a product or service. Today, GDPR's requirement of meaningful and explicit consent for data sharing is changing the game for ad targeting. Now that automated decision making is regulated by GDPR and individuals have the ability to opt out of data sharing, digital marketers will have to create new ways to reach their desired markets.
  • Out with Behavioral Profiling. In with Contextual Marketing.  As we know, a substantial implication of GDPR is the ability for an individual to deny companies the ability to access and use their personal data. EU citizens have the right, through GDPR, to keep their personal data protected. For digital marketers, a decrease in the volume of a customer's "stats" and information can be crippling. This allows for behavioral profiling, a strategy that collects data points and forms profiles of desired customers or target markets for a business. Because endless numbers of potential customers can deny access to personal information, marketers will have to look to methods other than behavioral profiling to assist with their marketing efforts.
  • In the May 21, 2018 online edition of the Harvard Business Review, author Dipayan Ghosh explains that "contextual" advertising is the solution to eliminate behavioral profiling. Contextual marketing "displays ads based on the content that a consumer is viewing in real-time." In other words, ads are placed when the context of the ad matches the content of the webpage that an individual is browsing, rather than placing an ad based on how a consumer's personal data matches a behavioral profile. GDPR's introduction of the right of an EU citizen to protect their personal data means that digital marketers will have to be less reliant on behavioral profiling, and instead more comfortable with content-driven targeting methods.

As the rollout of GDPR continues, global hospitality brands (and smaller companies with European citizens in their database) and digital marketing professionals must proceed and carefully navigate the uncertain path ahead. As previously indicated, on May 26th, the day after GDPR went into effect, Google, as well as Facebook and its subsidiaries Whatsapp and Instagram, immediately faced lawsuits for their failure to comply with GDPR. Max Schrems, an Australian lawyer and advocate for data privacy, led the charge of lawsuits against these major companies.

Choose a Social Network!

The social network you are looking for is not available.

Close
Coming up in January 2019...

Mobile Technology: The Future is Now

Mobile Technology continues to advance at a relentless pace and the hotel industry continues to adapt. Hotel guests have shown a strong preference for mobile self-service - from checking-in/out at a hotel kiosk, to ordering room service, making dinner reservations, booking spa treatments, and managing laundry/dry cleaning services. And they also enjoy the convenience of paying for these services with smart phone mobile payments. In addition, some hotels have adopted a “concierge in your pocket” concept. Through a proprietary hotel app, guests can access useful information such as local entertainment venues, tourist attractions, event calendars, and medical facilities and services. In-room entertainment continues to be a key factor, as guests insist on the capacity to plug in their own mobile devices to customize their entertainment choices. Mobile technology also allows for greater marketing opportunities. For example, many hotels have adopted the use of “push notifications” - sending promotions, discounts and special event messages to guests based on their property location, purchase history, profiles, etc. Near field communication (NFC) technology is also being utilized to support applications such as opening room doors, earning loyalty points, renting a bike, accessing a rental car, and more. Finally, some hotels have adopted more futuristic technology. Robots are in use that have the ability to move between floors to deliver room service requests for all kinds of items - food, beverages, towels, toothbrushes, chargers and snacks. And infrared scanners are being used by housekeeping staff that can detect body heat within a room, alerting staff that the room is occupied and they should come back at a later time. The January Hotel Business Review will report on what some hotels are doing to maximize their opportunities in this exciting mobile technology space.