Trends & Insights GDPR – 5 Last Minute Things That You Need To Do Laura Badiu // June 18, 2018 // 5 minute read You probably know by now that the EU General Data Protection Regulation (GDPR) is a new implementation, meant to reinforce the protection of customer data and online safety, as well as increasing the transparency of data exchange between customers and businesses. Having our headquarter in Munich, we’re proud to say that TrustYou is GDPR compliant and we have thoroughly researched the topic and adopted the new regulations. That being said, the GDPR deadline went by and hoteliers might now feel like the challenge has been completed. However, we’d like to emphasize on some last minute strategies that can still be checked and implemented, in order to make sure that hotels from all over the globe properly collect, store and manage personal customer data, as well as provide all of the necessary information, in the easiest and most transparent way. This will not only prevent hoteliers from getting sanctioned, but will also provide customers with more access to their personal data and the way it is handled. Make sure that your hotel website is secure The easiest way to put this is the following: “http://” does not cut it anymore. In order to make sure that all of the processed data is completely secure, any website now requires at least the SSL (Secure Sockets Layer) encryption. When installed on a web server, thereby the https protocol is activated and allows secure connections from a web server to a browser. Basically, this is the first sign that any website visitor gets in regards of a secure connection and data exchange. Also on the topic of website safety, don’t forget about enabling the cookie consent. This is used to identify any user/individual and the details of consenting to cookies should be made clear in an opt-in box. Inform customers of their rights regarding consent Consent is absolutely necessary in order to process any customer data and personal information. This is why it’s imperative to ask users for their consent and let them know what rights they have in regards of this topic. All the website visitors have to understand why you need their personal data and how you are going to process it, as well as acknowledge their right of asking for disconfirmation at any time. Also, contacts have the right to submit subject access requests and in this case, the hotel has 30 days to provide a copy of any information that it stores about that certain customer. The overall information about rights and consent has to be delivered in a simple way, easy to understand and without jargon. Ensure transparency in regards of third-parties There are many cases in which a hotel transfers customer data to third parties, for better functionality and eased operations. However, it is crucial for customers to know where their personal data will go and what the purpose of this transfer is. Users need to be informed of any transfered data and of the exact names of the third party companies. Just stating the type of organization is not enough. Once again, complete transparency must be a priority when it comes to any type of usage of personal data. Train the staff and assign a GDPR officer GDPR regulations might be implemented at a management level, but every staff member of a hotel should know what the changes are and how to properly work with them. Especially when it comes to the marketing department, which deals with a hotel’s website, email campaigns, content and promotions, it’s absolutely necessary for the members to acknowledge and abide the new regulations. A hotel with a more complex structure, such as a chain or a large establishment, is even encouraged to appoint a GDPR officer; a person who is in complete control of the notions and rules that come with GDPR and offer assistance and guidance while implying it and operating under it. Create templates, notifications and FAQs Data protection and privacy has been around for a while, however, the new regulations expand the definitions and change operations, so questions are bound to arise. In order to avoid confusion and a large number of repetitive customer inquiries, it’s best to take time and create templates for notifications and FAQs. This ensures that you provide clear and concise answers and important details about the new GDPR changes. Make it clear that your hotel is GDPR compliant and that the personal data of users is securely collected, stored and managed. Allocating resources and constant support is a sign that you take protection and data privacy seriously and that your customer’s rights are of high priority to your business.