GDPR and Its Impact on Digital Marketing: What We Think We Know

By Leora Halpern Lanz President, LHL Communications | July 15, 2018

Co-authored by Elise Borkan, Boston University School of Hospitality Administration

It is undeniable that GDPR is the current catch phrase and hot topic for global marketers in all sectors. May 25, 2018, marked the official start of the European Union's (EU) General Data Protection Regulation (GDPR) ruling, though businesses and organizations around the world have been managing the potential consequences of GDPR for months; many of us have likely received a barrage of emails indicating company privacy policy updates.

In short, GDPR is defined by the EU's Data Protection Agency and "regulates the processing by an individual, a company or an organization of personal data relating to individuals in the EU" (European Commission). As a result of increasingly concerning practices and determination to protect data, regulations in the European Union have pushed these concerns directly to the surface. A new world of GDPR compliance is now upon us. It is here and we must pay careful attention in order to prevent an infliction of hefty financial penalties or perhaps even damaging negative word of mouth.

Businesses are already faced with the ramifications of GDPR since its recent implementation. Facebook had already been very publicly subjected to questioning by the U.S. Congress and foreign governments to instill a new paradigm of protection of users' private information. Additionally, in our hospitality landscape, several of the large global hotel brands had already been victim to data breaches on a grand scale (Hyatt 2017, Hilton 2017, IHG 2016). The issue of personal data and privacy protection has been rampant and now marketers have to be even more in tuned to potential consequences.

As GDPR impacts all industries globally, hospitality companies must become hyper-aware of their digital marketing practices and management of customer personal data in order to comply with the EU's regulations. While GDPR pertains to various disciplines for a company's collection of data (such as HR needs) marketers, particularly digital marketers must note real issues as it pertains to the following areas:

  • Privacy Policy Updates: Chief marketing officers must ask whether their hospitality business or organization has conducted a privacy policy update since the introduction of GDPR. If not, the clock is ticking and the firm is at risk of a GDPR violation and fine by the European Union. Companies around the world have revised and/or updated privacy policies and informed their customers (email databases) of such updates. Individuals must clearly give consent by clicking a link or checking a box agreeing to new privacy policies for the company to legally collect their personal data and continue to contact them. Companies cannot consider the individual's 'silence' or non-response to a consent request as an affirmative agreement to privacy policies and data sharing.
  • While GDPR is a law that protects European citizens, "every entity that holds or uses European personal data whether they operate inside or outside of Europe" is subjected to the regulations of GDPR and is responsible for complying ( Businesses that have yet to update privacy policies and require their customers and subscribers to actively consent to the continuation of data sharing can face hefty fines. There are two tiers of fines imposed by the EU, and they vary depending on the severity of the GDPR violation. Tier One includes a fine of 2% of a company's annual turnover, or 10 million euros, whichever is higher. If a company cannot prove adequate security practices or does not have an established data processor agreement, a Tier One fine can be filed against that company. Tier Two is even more severe, with a fine of 4% of the company's annual turnover, or 20 million euros, whichever is higher. In situations where data subjects' rights have been infringed upon or breaches of main processing principles have occurred, companies can face a Tier Two fine (
  • Removal of the Automated Decision Making Digital Marketing Ability: Ad targeting is a crucial component of a digital marketing campaign. With GDPR, the manner in which marketers can target ads is significantly impacted. One component of GDPR is the ban on automated decision making: a targeted marketing decision cannot be made by automated means alone; it now requires the need for human involvement. As a result, companies and websites can no longer target ads by drawing assumptions based off of individual's personal data. The term "personal data" encompasses much more than an individual's age, gender, or geographic location. Categories such as social media accounts, workplace or school, phone number, and in some cases, IP addresses, are classified as personal data and are protected under GDPR (
  • Prior to the implementation of GDPR, digital marketers could use personal data to successfully display relevant ads to customers whose profile classified them as likely interested in a product or service. Today, GDPR's requirement of meaningful and explicit consent for data sharing is changing the game for ad targeting. Now that automated decision making is regulated by GDPR and individuals have the ability to opt out of data sharing, digital marketers will have to create new ways to reach their desired markets.
  • Out with Behavioral Profiling. In with Contextual Marketing.  As we know, a substantial implication of GDPR is the ability for an individual to deny companies the ability to access and use their personal data. EU citizens have the right, through GDPR, to keep their personal data protected. For digital marketers, a decrease in the volume of a customer's "stats" and information can be crippling. This allows for behavioral profiling, a strategy that collects data points and forms profiles of desired customers or target markets for a business. Because endless numbers of potential customers can deny access to personal information, marketers will have to look to methods other than behavioral profiling to assist with their marketing efforts.
  • In the May 21, 2018 online edition of the Harvard Business Review, author Dipayan Ghosh explains that "contextual" advertising is the solution to eliminate behavioral profiling. Contextual marketing "displays ads based on the content that a consumer is viewing in real-time." In other words, ads are placed when the context of the ad matches the content of the webpage that an individual is browsing, rather than placing an ad based on how a consumer's personal data matches a behavioral profile. GDPR's introduction of the right of an EU citizen to protect their personal data means that digital marketers will have to be less reliant on behavioral profiling, and instead more comfortable with content-driven targeting methods.

As the rollout of GDPR continues, global hospitality brands (and smaller companies with European citizens in their database) and digital marketing professionals must proceed and carefully navigate the uncertain path ahead. As previously indicated, on May 26th, the day after GDPR went into effect, Google, as well as Facebook and its subsidiaries Whatsapp and Instagram, immediately faced lawsuits for their failure to comply with GDPR. Max Schrems, an Australian lawyer and advocate for data privacy, led the charge of lawsuits against these major companies.

Choose a Social Network!

The social network you are looking for is not available.


Hotel Newswire Headlines Feed  

Coming up in April 2019...

Guest Service: A Culture of YES

In a recent global consumers report, 97% of the participants said that customer service is a major factor in their loyalty to a brand, and 76% said they view customer service as the true test of how much a company values them. And since there is no industry more reliant on customer satisfaction than the hotel industry, managers must be unrelenting in their determination to hire, train and empower the very best people, and to create a culture of exceptional customer service within their organization. Of course, this begins with hiring the right people. There are people who are naturally service-oriented; people who are warm, empathetic, enthusiastic, pleasant, thoughtful and optimistic; people who take pride in their ability to solve problems for the hotel guests they are serving. Then, those same employees must be empowered to solve problems using their own judgment, without having to track down a manager to do it. This is how seamless problem solving and conflict resolution are achieved in guest service. This willingness to empower employees is part of creating a Culture of Yes within an organization.  The goal is to create an environment in which everyone is striving to say “Yes”, rather than figuring out ways to say, “No”. It is essential that this attitude be instilled in all frontline, customer-facing, employees. Finally, in order to ensure that the hotel can generate a consistent level of performance across a wide variety of situations, management must also put in place well-defined systems and standards, and then educate their employees about them. Every employee must be aware of and responsible for every standard that applies in their department. The April issue of the Hotel Business Review will document what some leading hotels are doing to cultivate and manage guest satisfaction in their operations.