Opt in (to better marketing): the real intent of GDPR

Flip.to Blog·16 May 2018
There are only days left until the May 25th deadline for GDPR compliance. Since our primer last month, we’ve continued to put a lot of thought into the regulation, its role in the marketing landscape, and traveler-focused approaches. That’s also meant making observations on how marketers the world around are handling it, too. Today, we got a fresh face on camera—Max, one of our front-end developers—to share some of our thoughts about one of the more rigorous aspects of GDPR compliance: opt-in and consents.

A Decade Later, CMOs Still Struggling To Optimize Routes To Revenue

Chief Marketing Officer (CMO) Council ·16 May 2018
Despite a mandate to drive growth, chief marketers are still stuck in a decade-long rut that has yet to see them fully optimize the lifetime value of existing customers. In 2008, when asked if brands were fully realizing the revenue potential of customers, 76 percent said no. Ten years later, 77 percent of respondents to the same question in a new Chief Marketing Officer (CMO) Council audit still say no, and 10 percent say they are not even sure.
This failure to capitalize on customer revenue potential does not come as a surprise as the majority of marketers are missing an opportunity to leverage opt-in, triggered communications, including transactional email, to further relationships with customers. According to the latest study by the CMO Council and communication management platform Sendwithus, just 36 percent of respondents are leveraging transactional emails as an opportunity to further the value of relationships. While 30 percent believe they are engaging through triggered emails, it is only to reaffirm or acknowledge a past transaction, not to intentionally develop a more meaningful customer relationship. This occurs despite 94 percent of respondents' belief that delivery of personalized communications across all customer touchpoints is critical to achieving profitable customer experiences.
The new report, titled "Gaining Traction With Every Digital Interaction," reveals that collaboration around the channels of choice for the customer is critical to turning an automated touchpoint into a revenue-producing opportunity. According to 34 percent of marketers, transactional emails are not leveraged as a relationship and revenue driver because they are created outside of marketing, with little opportunity to collaborate or align across functional areas.
Following the inability to collaborate and align as a roadblock to success, meetings and manual processes emerge as additional gaps between the growth strategy and real-time delivery. When asked to detail the state of collaboration across key stakeholders in customer experience, 29 percent of marketers reveal that collaboration comes in the form of meetings to align on strategies and timelines while 26 percent say that collaboration is left to team leaders who collect input and feedback as needed.
"Collaboration around the customer should not be an afterthought," noted Liz Miller, Senior Vice President of Marketing for the CMO Council. "Consumers are triggering communications, quite literally giving brands the go-ahead to continue communications. According to the BMA, 75 percent of revenue attributed to email is generated by triggered campaigns versus the traditional marketing campaign. Yet far too often, we view the triggered email as an operational byproduct of an action...a functional task that can be automated and not a valuable opportunity to continue a dialogue. To overlook this touchpoint is, quite plainly, to overlook revenue and growth opportunities."
Marketers plan to realize revenue through key strategies to optimize profitable relationships. Among the top strategies are personalizing communications across all touchpoints (64 percent) and identifying new ways to improve upsell and cross-sell opportunities for existing customers (64 percent). Marketers will also commit to continuous cycles of testing with the specific goal of improving individual communications to create more contextual and relevant experiences while 26 percent have committed to better leveraging opt-in communications like transactional emails.
"For marketers to execute on their commitment to optimize value across all touchpoints, they will be required to take specific and intentional actions to close the gaps that exist across functional silos," noted Matt Harris, Co-founder and CEO of Sendwithus. "This means facilitating efficient collaboration between teams, from marketing to product to engineering--teams committed to the common goal of delivering individualized, real-time, relevant and insight-driven email experiences. Transactional and triggered emails represent a massive opportunity to improve the customer experience and fuel growth, and effective, cross-functional collaboration is the key to unlocking that opportunity."
The report is based on research conducted by the CMO Council through an online audit, which collected insights from 179 senior marketing leaders in the early months of 2018. Some 43 percent of respondents represent organizations with revenues more than $500 million USD per year, with 38 percent holding titles of CMO, senior vice president of marketing or head of marketing.
The 25-page white paper also includes an investigation into how only 13 percent of marketers feel they are fully exploiting customer revenue opportunity strategies and engaging differently, including how these leaders are driving deeper relationships, collaborating across stakeholders and leveraging data to uncover new opportunities and options for engagement. To download the complimentary strategic brief, click here.
About Sendwithus
Sendwithus has been helping leading brands, including Microsoft, Autodesk, and Zillow craft exceptional communications experiences since 2013. Dyspatch by Sendwithus is a cloud-based, communications management platform that allows Enterprise organizations to centralize email security, compliance, and reputation management while streamlining collaborative creation, revision, and approval work flows. The GDPR-compliant solution empowers teams to deliver powerful, global communications that engage customers, drive growth and increase revenue. To learn more about Sendwithus, visit www.sendwithus.com. To learn more about Dyspatch by Sendwithus, visit www.dyspatch.io. To join the Sendwithus team, visit www.sendwithus.com/careers.

Unlocking travel security, part 2: The looming GDPR deadline

PhocusWire·14 May 2018
Equifax, Yahoo, Ebay – all major brands that have been the targets of cyber criminals, with millions of customers impacted in each case. Those attacks have been so large as to attract worldwide attention, but smaller attacks happen every day and across every sector. And as customer data is compromised, brand reputation and revenue can also take a hit.

HITEC Houston Keynote Speakers Announced, Exhibit Hall Sold Out

HFTP · 9 May 2018
Two authorities on operating your business in a digital-dependent world have been added to the education program for Hospitality Financial and Technology Professionals (HFTP)'s upcoming Hospitality Industry Technology Exposition and Conference (HITEC). The opening keynote presenter is Mike Walsh, a 21st century business designer, futurist, global nomad and author. The event's closing keynote is Theresa Payton, a former The White House CIO and cybersecurity authority. HITEC Houston is the second, and largest, of three HITEC events planned for 2018, and will take place from June 18-21 at the George R. Brown Convention Center in Houston, Texas USA.
On Monday, June 18, 2018, Mike Walsh will take the HITEC Houston stage from 4:30 to 5:45 p.m. to discuss his topic of "Reinventing Leadership for the Age of Machine Intelligence." Walsh is the CEO of Tomorrow, a global consultancy on designing companies for the 21st century. He advises leaders on how to thrive in the current era of disruptive technological change rather than focusing on the distant future. Walsh takes an anthropological approach scanning the near horizon for emerging technologies and disruptive shifts in human behavior, and then translating these into pragmatic plans for digital transformation. He has many clients spanning the global Fortune 500, and also founded Jupiter Research in Australia.
On Thursday, June 21, 2018, Theresa Payton will take the HITEC Houston stage from 2:15 to 3:15 p.m. to discuss her topic of "Hype or Reality? Your Workplace and Blockchain, Cryptocurrency, Artificial Intelligence, Machine Learning and the Internet of Things." Payton was the first female to serve as The White House chief information officer, and she was named number four on IFSEC Global's list of the world's Top 50 cybersecurity influencers in security and fire 2017. Payton is a well-respected authority on Internet security, data breaches and fraud mitigation. With real-world strategies and solutions, she helps public and private sector organizations protect their most valuable resources.
"The HITEC Advisory Council has planned a stellar education program for this year's event, including two reputable keynote speakers," said HFTP CEO Frank Wolfe. "Shifting gears into today's technology dependent society, both keynote speakers have extensive knowledge on how businesses and leadership can adapt into more modernized, thus successful, entities."
Booth space for HITEC Houston is sold out. A waiting list is available on a first-come, first-served basis for booth space - a floor plan of the exhibit hall is available on the HITEC Houston website. HITEC is the world's largest hospitality technology exposition and conference with over 337 companies and 887 booths occupying this year's show floor. HITEC offers a unique combination of top-notch hospitality technology education, led by industry peers and experts, and an unparalleled trade show showcasing the latest hospitality technology products and services. Beginning in early June 2018, HITEC Houston exhibitors will have the opportunity to select space in advance for next year's show.
In addition to HITEC Houston, HFTP has several other events upcoming in 2018. HFTP Annual Convention will take place October 24-26 at the Omni Louisville Hotel in Louisville, Kentucky USA. HITEC Dubai will take place December 5-6 at the Madinat Jumeirah in Dubai, UAE. For more information about HFTP's international events, visit www.hftp.org and www.hitec.org or contact the HFTP Meetings & Special Events Department at education@hftp.org.
About HFTP
Hospitality Financial and Technology Professionals (HFTP), established in 1952, is a hospitality nonprofit association headquartered in Austin, Texas USA with offices in Hong Kong, United Kingdom, The Netherlands and Dubai. HFTP is recognized as the spokes group for the finance and technology segments of the hospitality industry with an international network of members and stakeholders. HFTP uniquely understands the industry's pressing issues, and assists its stakeholders in finding solutions to their challenges more efficiently than any organization. HFTP offers expert networks, educational resources, career development programs, research, leadership opportunities and conferences and events. HFTP produces international events throughout the year, including the world's largest hospitality technology tradeshow and conference brand: HITEC. The association also owns the world's only hospitality-specific search engine: PineappleSearch.com. For more information about HFTP, visit www.hftp.org.
For the latest news, visit the HFTP News page at news.hftp.org and the HFTP Connect blog at blog.hftp.org. Follow HFTP on social media: Facebook (@HFTPGlobal); LinkedIn; Twitter (@HFTP); Instagram (@HFTP_HITEC). Stay tuned to HFTP's industry-specific, informational news sites: HFTP News, HITEC Bytes, HFTP Club Bytes, HFTP Finance Bytes, HFTP GDPR Bytes and HFTP FB Bytes. HFTP event photos are available on Flickr, and HFTP event videos are available on YouTube.
About HITEC
Hospitality Industry Technology Exposition & Conference (HITEC) is the world's largest and oldest hospitality technology exposition and conference brand. HITEC offers a unique combination of top-notch education, and brings together the brightest minds and hottest technologies from across the globe to one place. The unparalleled event offers attendees essential education, access to top hospitality technology industry experts and the resources to find cost-effective ways to improve company bottom lines. Combined with the intimate opportunities to connect with fellow professionals, HITEC has everything to enhance your career.
Historically hosted annually in a different city throughout the United States, HFTP decided to break tradition in 2017 by hosting three HITEC events all taking place outside of U.S. borders - in Toronto, Amsterdam and Dubai. This was the first time the global association's largest HITEC event - featuring thousands of hospitality professionals from around the world - took place outside of the United States. For more information about HITEC, visit www.hitec.org. Follow HITEC on social media: Facebook (@HITECconference); LinkedIn; Twitter (@HFTP); Instagram (@HFTP_HITEC). Find updates on the HFTP News page, and exhibitor news on the HITEC Bytes site. HITEC event photos are available on Flickr, and HFTP event videos are available on YouTube.

Caveau Announces Partnership with Sure Travel

Caveau - CardVault · 9 May 2018
Miami, FL -- Caveau, the personalized credit card vault technology designed to simplify financial transactions and safeguard personal and financial data, has announced a new partnership with Sure Travel, based in South Africa. The standardized PCI-compliant software and service custom-built for the travel industry provides a secure platform built upon Amazon Web Services (AWS) to limit dangers relating to processing, storing and transmitting credit cards and personal data in a GDPR, PCI and PII-friendly format. Caveau will deliver customized solutions to help Sure Travel meet critical new industry regulations and protect its customers, assets and public reputation.
With GDPR and PCI-DSS with effective dates of May 25 and March 10, 2018, respectively, and the increasing threat of hackers and cyber theft, Sure Travel was searching to identify cost-effective ways to achieve compliance today and into the future. Says company CFO, Stefan van der Merwe, "After extensive research and a long hunt for an effective and affordable solution to secure our payment card handling processes, we are thrilled to have found a provider capable of understanding our needs. Caveau offers state-of-the-art capabilities and deep knowledge of the travel industry, enabling us to serve our global customers and partners confidently and securely."
According to Caveau CSO, Brian Dass, the partnership with Sure Travel is one of a series of new relationships for the recently launched software solution capable of delivering support to travel agencies, hotels and virtually any company that handles credit cards and personally identifiable information. "We're excited to be working with Sure Travel to reduce the risks associated with GDPR and PCI compliance. Our innovative product and comprehensive services let travel businesses of all types and sizes focus on what they do best while avoiding fines and penalties and maintaining a sterling reputation that's so crucial to success."
Caveau is providing Sure Travel with a validated product for assisting with GDPR and PCI-compliance that's easy to use and backed by exceptional 24/7 global technical support. Additional benefits include:
Seamless integration or tokenization with 3rd-party GDSs, PMSs and OTAs
Lower costs managing secure transactions and data storage
Minimize risks of harmful reviews and negative publicity
Improved consumer trust and increased booking revenues
About Sure Travel: Sure Travel is owned by holding company Sure Holdings (Pty) Ltd, which also includes the travel services divisions Sure Corporate, Agent Points and Sure Online. The recognized and respected travel brand has over 80 agencies in South Africa, Namibia and Botswana offering holiday packages, flight specials, car hire, foreign exchange, travel insurance and corporate travel services.

Why GDPR compliance will strengthen your hotel's relationship marketing

eHotelier.com· 8 May 2018
On May 25th, the European Union’s General Data Protection Regulation – GDPR – goes into effect. GDPR specifies that customers must explicitly consent for their personal information to be processed and used by third party sites. This clearly marks a shift towards starting to build a quality relationship with your hotel guests.

Now Available for Download: HEBS Digital's GDPR Whitepaper

HEBS Digital · 8 May 2018
Download the GDPR Whitepaper: What Hotels Need to Know and How to Prepare to learn about:
What the GDPR is: Get familiar with the new data protection and privacy regulation affecting EU citizens.
The Most Important Changes that Come with the GDPR: Discover the most important changes that will be affecting hotels.
How the GDPR Applies to Hotel Data Policies: There are six main ways that this new regulation will affect data policies.
How Your Hotel Can Prepare: Learn the steps you will need to take to ensure compliance throughout your website and digital marketing.
Plus, other valuable information regarding the GDPR.
Gain access to these insights when you download the GDPR whitepaper today.

Is Your Hotel's Data Secure?

apaleo GmbH · 8 May 2018
How To Process Payments Risk-Free
Are you taking the right actions to make sure that your hotel's data is secure? There are security measures and standards in place to ensure that you and your guests aren't at risk, particularly when processing payments. Here are the details about these standards, what they mean for your hotel, and how to ensure that you are safe.
An Overview of PCI DSS
What is PCI DSS?
PCI DSS is short for the Payment Card Industry Data Security Standard. Unlike GDPR, the PCI DSS is not a law, but a standard defined and maintained by an independent entity created by major payment card brands. Whenever you want to accept credit cards from brands like VISA and MasterCard, you are required to be compliant with this security standard. The PCI DSS can be seen as a collection of best practices or rules on how to treat the sensitive payment card data entrusted to you by your guests in order to prevent data breaches and fraud.
Do I have to be compliant?
Whenever you make a contract with a payment service provider to process credit cards on-premises or online, you will have to demonstrate your compliance. Depending on the payment provider or the acquiring bank and the size of your business, you either have to fill out a self-questionnaire or might even have to conduct an on-site audit with a Qualified Security Assessor (QSA).
What can happen if I am not compliant with PCI DSS?
If payment card data entrusted to you is leaked and misused, the payment brands will penalize the acquiring bank. Those fines might be passed to you as a merchant if you are found to be non-compliant. They can be somewhere between 5,000 EUR and 100,000 EUR for every month you are non-compliant, and, in the worst case, you might lose the right to accept payment cards from the major payment card brands. In addition, you could face legal issues and damage to your reputation. So it is best to see the rules from the PCI DSS as a guide that helps you to secure your business.
Choosing Compliant Technology Partners
Hotels can ensure that they remain PCI DSS compliant by choosing technology partners that are PCI DSS certified. This applies to any technology that the hotel uses to process payments, which, for most hotels, will start with their PMS. As apaleo was building its PMS architecture, PCI compliance was considered from the start, so we were certified within a matter of weeks.
How do technology partners get certified?
Technology providers should conduct on-site audits to prove compliance. At apaleo, these audits are conducted yearly. QSA Adsigo inspects the technical implementation to identify any potential risks of sensitive cardholder data being leaked and also checks our security policies and processes. When compliance can be validated, technology providers receive an AOC. apaleo customers can download ours here. With this AOC and the acknowledgment of responsibility from your provider, hoteliers can easily fulfill requirement 12.8 from the PCI DSS on service provider management.
A Hotel's Responsibilities
Technology partners like apaleo allow hotels to run their business in compliance with PCI DSS, but there are still things you need to take care of. Full details on which requirements you need to fulfill can be found on the official website of the PCI Security Standards Council.
E-Commerce and Mail Order / Telephone Order (MoTo)
If you accept cards on your website and other online channels like booking.com, or you accept credit cards for mail and telephone orders, then the PCI requirements will at most be related to restricting user access to cardholder data, ensuring compliance of your service providers and maintaining an incident response plan. This also depends on your bank or payment service provider.
Card-present with modern IP based card terminals
If you also process payment cards on-premises using a modern IP based terminal connected to the payment service provider through the internet, you will be exposed to additional requirements. Most banks or payment service providers will only obligate you to this high standard if you are processing a high volume of terminal transactions, though. The payment service provider Adyen, which is used for payment processing in apaleo, currently only sets these high standards if you process more than 1 million transactions.
If so, then you will have to clearly separate the network of the IP terminals from the other networks in your hotel and have firewall rules in place that ensure the terminals can only communicate with the payment service provider through securely encrypted connections. All systems connected to the network of the IP terminals will belong to the so-called card data environment (CDE). Only authorized persons should have access to those systems, which also implies heavier policies and documentation efforts for you. On top of that, you will have to run a quarterly external vulnerability scan.

GDPR Tools for Hoteliers

Max Starkov | The HeBS blog· 7 May 2018
With the European Union’s new privacy law, the General Data Protection Regulation (GDPR), beginning on May 25th, many changes will affect hotels across the globe. In order to help hoteliers navigate these new regulations, HEBS Digital has prepared a suite of tools including a checklist and terms to know.

Now Available for Download: HEBS Digital's GDPR Whitepaper

Max Starkov | The HeBS blog· 4 May 2018
At HEBS Digital, we make it our job to keep hoteliers in the know about the latest developments in the industry that could affect their online strategies. The European Union’s new privacy law, the General Data Protection Regulation (GDPR), begins on May 25th and will affect hotels across the globe. We’ve prepared some tools to help you navigate this change.
Article by Einar Rosenberg

Texting guests is about to be a HUGE legal liability that can cost a hotel 4% of its annual revenue

TND NFC by Creating Revolutions · 3 May 2018
Every GM knows the equation for implementing new hotel services. Benefit must be greater than the cost. In 2017, the most popular new craze for hotels was text messaging guests. The cost was low and the benefits were high. But in 2018, that cost is going to skyrocket, thanks to the GDPR, or General Data Protection Regulation. If your hotel hasn't heard of the GDPR yet, you better learn fast, because it's going to change how nearly every hotel around the world does business.
At its core, the GDPR is the strongest consumer privacy and protection law in history. Though the GDPR was created by the EU, it's not limited to Europe; it's global. And starting this May, the GDPR goes active. So why will the GDPR affect guest text messaging services in hotels? Because the GDPR has 4 requirements that text messaging just can't accomplish, leaving a legal liability with penalties of up to 4% of a hotel company's entire annual revenue.
These 4 liabilities include:
1. Usage Explanation
2. Lack of Security
3. Privacy by Design
4. No 3rd Party Protection Barrier
Usage Explanation
The GDPR requires that a hotel give Usage Explanation in "Non-Legalese". For an industry used to giving guests long legal documents that blanket protect every possible liability from alien attacks to the kitchen sink, those days are gone. How can a hotel cover themselves when they cannot use legal language to protect themselves from legal liability? The GDPR also requires a hotel to easily and clearly explain what they will do with the guest's information, how they will use it, by whom, where and more. That is a herculean task, considering today's hotels use complex algorithms and artificial intelligence to process a guest's information. How can you easily explain such complexities to the average guest? Add in explanations about how the guest can easily opt in and out, and the average 140 character text message your guest is used to will now be as long as a 19th century Russian novel.
Lack of Security
The GDPR also has security requirements. Not good news for something like text messaging, which never had any real security and never will. The first text message was sent in 1992, back when dialup modems ruled the world. Since then, the technology has barely changed from that first SMS. What's worse is that SMS is an integral part of Signaling System No.7. More commonly known as SS7, it is a critical part of the architecture that basically all mobile phone systems are built on. The reason SS7 means trouble for SMS is because in 2017, access to the SS7 network started being offered by hackers on the dark web for just $500. With as little information as a phone number, you could now not only eavesdrop on text messages but manipulate or even block messages. The SS7 vulnerability can even track a person without the need of using a virus or malware. Text messaging has no encryption and its infrastructure is a closed loop system that has no identity confirmation, so anyone can access it today and no one would even know it.
But it's not the mere possibility of text message hacking that is the problem. The problem translates into real dollars lost for hotels. Imagine someone creating random messages to your staff, sending them in all directions of your hotel property, based on false requests. Or requesting expensive services or products that get delivered to a guest who hasn't asked for it. And imagine a guest receiving a message they thought was from the hotel, with a link that says billing invoice, which ends up installing a virus into that guest's phone. These days, it doesn't take some sophisticated hacker to screw with your business. Just about anyone can buy hacker software or hacking services, which can steal from your hotel or create chaos. The most popular ransomware today is easily available to anyone for as little as $20. How secure are you feeling about the security of text messages now?
Privacy by Design
A more interesting requirement of the GDPR has to do with requiring a system to include privacy by design. Here is how the GDPR explains it: "Privacy by design as a concept has existed for years now, but it is only just becoming part of a legal requirement with the GDPR. At its core, privacy by design calls for the inclusion of data protection from the onset of the designing of systems, rather than an addition." Not one text messaging service used today has an original design that includes privacy as a core element of the design. And adding privacy now to their existing system is not allowed. The only choice a service provider would have is to build their whole system from scratch, and even then, it still wouldn't meet the security liabilities inherent in text messaging. By the way, the SS7 vulnerability was shown publicly in 2014, so any companies that try to state their original design was based on the privacy liabilities of the time, better make sure their original design is older than 5 years ago.
No 3rd Party Protection Barrier
The fourth liability has been a key protection for most companies today. If they use a third party service and the third party gets hacked, the client company is not liable. The GDPR will not accept that excuse. In fact, the 3rd party providers won't accept that excuse either. Take a look at what Twilio is telling their clients. Twilio is hands down the most popular text messaging infrastructure service today, used by 1000's of Apps and web service providers. In fact, Twilio has a 59.85% market share in the US. So what does Twilio have to say to their clients, as to how well protected they are against GDPR?
"Your responsibilities under GDPR will depend on the nature of your business and your personal data processing activities. Nonetheless, broadly speaking, GDPR requires that personal data be:
1. Processed lawfully, fairly and in a transparent manner
2. Collected for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes
3. Adequate, relevant, and limited to what is necessary for achieving those purposes
4. Accurate and kept up to date
5. Stored no longer than necessary to achieve the purposes for which it was collected, and
6. Properly secured against accidental loss, destruction or damage.
What's the definition of "personal data" under the GDPR? Personal data means data that relates to an identified or identifiable natural person (aka "data subject"). An identifiable data subject is someone who can be identified, directly or indirectly, such as by reference to an identifier like a name, an ID number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Importantly, this is a very broad definition and can encompass data like IP addresses of a user's personal device, their device ID, or their phone number. It does not matter that the identifier could change (e.g., that the user could change their phone number or device ID). What matters is that the information can be used to "pick that user out of the crowd" even if you don't know who that user is. It is also important to note that the definition of personal data is not tied to concerns about identity theft the way that definitions of personally identifying information (PII) are under many US data breach laws. So, even if it seems like there would be little privacy harm if someone got ahold of your users' IP addresses that does not mean that those IP addresses are not personal data. It just means that this data may not require the same level of data protection as more sensitive personal data like your users' credit card numbers."
So what does this all mean for companies who used to feel a barrier of protection, via a middle man?
Sounds like those middle men are telling you, "Good Luck with That".
In conclusion, text messaging is a convenient technology to use, and key to its use is the most important identifier of a guest, their phone number, which is running on the most essential informational device in your guest's life. Does any hotel really want to risk liability on a decades old technology with no real security? Especially with the GDPR and other legislations being released, as well as multiple class action lawsuits, and thanks to Facebook, the strongest consumer sentiment in favor of privacy ever, all occurring NOW?
Two supplemental points to consider:
1. What business in the US today has the highest concentration of tourists? Answer, hotels, hence why they are the most susceptible to these new privacy laws. Think about it for a second. Both retail and restaurant are not likely to get a foreign tourist to sign up for anything or to keep any personal details about them. This is completely the opposite of a hotel, which usually asks for many pieces of information which they store, including the person's name, credit card information for later charging, etc. For foreigners they often request their passport as well. So hotels are the most likely to be affected by the GDPR.
2. Why are text messages and chat the highest vulnerability for hotels? Answer, it's the most important and relevant single identifier of a person. Data, especially coming from multiple sources, is useless if you don't have a single consistent identifier to connect all that data together. Now think about this for a minute. There are 1000's of John Smiths out there, so names won't work as a key identifier. And practically everyone has more than one email address. As for addresses, people move. But the mobile phone number is the only consistency no matter what. With number portability, it's now easy to carry your mobile number to a different carrier. And with nearly half of all households now mobile only, even when a person moves, they keep their phone number. Even if it's a different area code, or they change jobs or anything, they always take their phone number. Now this isn't just for text messaging but also for the most popular form of chat used today by Europeans, which is WhatsApp. WhatsApp doesn't use a username but rather a phone number as the key identifier

Benbria Announces Compliance with European Data Protection Regulations.

Benbria Corporation · 3 May 2018
Ottawa, Ontario -- Benbria, the leading provider of omni-channel messaging and customer experience measurement solutions, announced to clients and partners today its compliance with the European General Data Protection Regulation, or "GDPR" which will become enforceable on May 25, 2018. The GDPR requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. As a cloud software-as-a-service (SaaS) provider, Benbria sees this as an opportunity to improve data security for all customers on the Loop platform including customers using Loop Messenger, Loop Pulse and Loop OnDemand. As a global leader of omni-channel messaging and measurement software solutions, Benbria will raise the bar with this initiative. A key element of GDPR compliance is consumer transparency. Benbria will continue to be transparent in how it manages and uses consumer personal data to provide service. Benbria commits to cooperating with customers to help facilitate their respective data protection rights regarding personal data. In addition, European consumers may now request to be forgotten and will have a right to obtain from Benbria an erasure of personal data without undue delay, if they wish to withdraw consent. Lastly, GDPR calls for prompt action in the event of a breach of security or unintended leak of personal data. While Benbria maintains top-level security policies and processes customer data in facilities with world-class security infrastructure, the company is prepared for every scenario. Benbria, in cooperation with their partners and policies, commits to being forthright and transparent about any compromise to customer data. 
In the event that Benbria becomes aware of any unauthorized access or disclosure of personal data, Benbria will promptly take action to provide awareness and reestablish trust amongst our customers, to the extent such notification is permitted by applicable law. "Our focus on information and data security have always been a major benefit of using Loop, as we already built our platform to comply with well-established regulations in several global markets. This includes our home country of Canada, where many countries and regulators have turned to as a reference point for best practices," said James Geneau, VP of Marketing at Benbria. "These further enhancements to comply with GDPR means we are even better positioned to offer a solution that can meet the needs of our existing and growing list of clients based in Europe, and around the globe." Businesses using the Loop platform can respond to messages through a wide selection of channels including SMS, E-mail, proprietary web chat, in-App chat, physical kiosks and messaging channels like Facebook and Twitter; while having the ability to seamlessly route them to key internal team members. In addition, businesses can measure customer satisfaction in real-time using short and timely feedback surveys which capture customer sentiment and satisfaction at any point of the customer journey. These additional GDPR related compliance steps come into effect today, ahead of when the regulation becomes enforceable on May 25, 2018. Companies in Europe can request to connect with their dedicated Benbria team member by visiting www.benbria.com/contact-us. About Benbria: Benbria is a leader in omni-channel customer engagement solutions, helping the world's greatest brands deliver a superior guest experience that goes above and beyond their competitors. 
Using a variety of mobile, online, and on-property technologies - including SMS, email, web, in-app and messaging channels, as well as kiosks - Loop enables brands to capture and direct real-time customer requests, concerns, suggestions, and positive input to management and team members for action and closure. With over 1,400 client locations in 20 countries, a network of 10 global sales partners, and the ability to integrate with over 60 PMS and SOS solutions, Benbria offers both global reach and expertise with the hospitality industry's largest network of integration partners. For more information, visit www.benbria.com. Media Contact: Nicole Jardim, Benbria Corporation, njardim@benbria.com

Caveau Partners with Hotels & Travel Agencies Ahead of GDPR and PCI Deadlines

Caveau - CardVault · 3 May 2018
Miami, FL: Caveau, the all-in-one software platform custom-built for the travel industry for safeguarding sensitive data exchanged at the point of transaction is providing businesses around the world with fast and affordable solutions for achieving GDPR and PCI DSS compliance. With looming deadlines on May 25 and June 30, 2018, respectively, hotels and agencies are looking for efficient ways to meet strict new requirements going into effect. Most recently, the company announced it is working with Aparto Suites Muralto, an "All Suites" hotel service in Madrid, Spain, to assist in bridging the gap in its credit card collection process, specifically in transactions made directly to the hotel by telephone, email or fax. Jose Luis Alonso, the Director of Aparto Suites Muralto, is charged with adapting all procedures and structures to meet the latest tourism business standards. According to Alonso, it was a struggle to find a provider who understood their need for a GDPR and PCI DSS-compliant method to collect credit card details but not automatically take the payment when guaranteeing client reservation. "After months of searching, I couldn't find a solution that was not a payment gateway through a bank and linked to the web page. Since our problem was unique to the hospitality industry, Caveau were the only ones that understood what I needed," he says. Within a matter of days, Caveau was able to deliver the tools Aparto Suites Muralto required to collect and protect its client's credit card data no matter the method it's provided. Says Caveau CSO, Brian Dass, "This was another case of our experience and understanding of the travel space coming into play in helping hotels reduce the risks of GDPR and PCI DSS compliance. Our personalized credit card vault technology is designed to limit dangers relating to processing, storing and transmitting credit cards and personal data in a GDPR, PCI and PII-friendly format. 
We're proud to offer flexible and affordable solutions for meeting critical new industry regulations, protecting your Guests Data experience, your valuable assets and your online reputation." With Caveau, hotels accepting financial information are able to send a time-sensitive link to the client to safely collect the data. "We have inserted this tool in our reservation process inside the property management system and those confirmed by email, increasing the reliability and the security of direct reservations. We're pleased to have found an answer that fit our budget and completely solved our problem, and our customers are happy knowing their personal information is 100% secure," says Alonso. Caveau has also delivered a customized solution for filtering emails containing credit card numbers and personally identifiable information and is working to set up a payment gateway through a bank to process direct, web and OTA reservations. "I am pretty sure we are now leaders and pioneers in the compliance of the PCI DSS thanks to our partnership with Caveau!" About Aparto Suites Muralto: An establishment of reference in Madrid center for their originality, innovation and level of customer satisfaction, Aparto Suites Muralto provides All Suites lodgement for business and personal travel in addition to buffet breakfast and covered parking. Established in 1974, the apartment-style hotel is situated in one of the most desirable tourist areas in proximity to the city center, just a short walk to the main monuments, shopping areas and gastronomic centers in Madrid. Contact Aparto Suites Muralto at +34915424400, director@muralto.es, www.muralto.es

Aligning Software with the Human Touch

Pegasus · 2 May 2018
As the General Data Protection Regulation (GDPR) looms and goes into effect within weeks, it's more critical than ever to ensure that consumer data is managed within the parameters, while also enabling hoteliers to build better relationships with their guests. The question is, what is the process that aligns the human touch and software to build and strengthen those guest relationships?
Convert - Converting means turning phone calls and web visits into booked reservations. Boosting conversions means the right offers are delivered to the right person. Direct bookings are often the result of consumers being given relevant offers so they don't book through other channels. Personalized content, like recommendations based on previous stays, or offers based on buying personas, can help. For example, maybe the offer is a free shoe shine for a business traveler, or wine upon arrival for a personal stay. People love personalization. Give your guests personalization, and they'll gravitate towards your brand.com offerings.
Connect - Connecting means fulfilling the guest's needs. The key is having the right software, and using it within the parameters of GDPR, to know what those needs are. With the right software, hoteliers can connect offers, rooms, and features based on data already stored in the software program, or automatically pull data found on open social sites. Hoteliers can gain a deep understanding of who their prospects and guests are, what they care about, and ultimately how to influence their purchasing decisions. Of course, delivering this level of personalization requires granular data. Luckily, some systems on the market deliver tools that determine personalization opportunities and present them to your guests.
Engage - Understanding your guest is critical to being able to engage with him or her. These days - thanks to research, big data, and social media - hoteliers can create detailed profiles of their guests much more easily than they could in the past. 
This not only helps with personalization but can predict future behavior as well. Again, within the parameters of GDPR, the ability to predict needs is a powerful tool. It can improve the overall guest experience. Guests want to feel that not only are they receiving value, but they are being treated like someone with whom you're engaged.
Successful hotels understand the importance of taking a holistic approach to personalized guest interactions at every touch point, within the bounds of GDPR. With the right hotel software that pulls guest data from outside sources and delivers the right offers--hoteliers can enhance the total guest journey. Hoteliers can then forge long-lasting relationships in ways that only technology intersected with the human touch can deliver.

How you can make sure your hotel marketing is GDPR compliant

SiteMinder Blog· 2 May 2018
The General Data Protection Regulation (GDPR) is just around the corner now, with the law to be introduced on 25th May 2018. It’s being implemented to strengthen and unify data protection in the European Union (EU) and could directly affect your hotel. The GDPR will give control back to citizens and residents over their personal data and aims to simplify the regulatory environment for international business.

Compliance with new EU data rules requires buy-in at all levels

Hotel Management· 1 May 2018
The European Union’s General Data Protection Regulation goes into effect on May 25, 2018. It is a mammoth regulation and perhaps the most significant European data-protection legislation in more than 20 years. In fact, the European Commission just released a new website to help stakeholders, including businesses, with implementation. With its global reach, applying to any organization that processes the personal data of individuals within the EU regardless of where the data land, GDPR compliance is top-of-mind for executives. Despite U.S.-based multinationals spending millions of dollars and thousands of hours preparing for the GDPR since it was announced two years ago, a recent survey by MediaPro reveals that more than half of U.S. employees have never heard of the regulation.

GDPR - Frequently Asked Questions & Answers For Hoteliers

Hotel Speak... Talking Hotels· 1 May 2018
The GDPR (General Data Protection Regulation) replaces the 1995 EU Data Protection Directive and is the most significant piece of European data protection legislation to be introduced in the last 20 years. In short, the regulations are centred around protecting an individual’s rights regarding the collection and processing of their personal data, across Europe.

GDPR: Time To Panic?

hotel-industry.co.uk· 1 May 2018
David Collins, columnist and Co-Founder & Chief Operating Officer at Great National Hotels and Resorts, discusses the challenges posed by GDPR with Great National’s Data Protection Officer, Aimee Olley. The deadline for hotels to comply with the new General Data Protection Regulation is fast-approaching. By the time this article is published, it may have already landed at our doors. So, should you be panicking? Aimee Olley, Data Protection Officer for Great National Hotels and Resorts, provides some timely advice. In short, the answer is no, or at least, not yet.

Why the Rest of World Can't Free Ride on Europe's GDPR Rules

harvardbusiness.org·30 April 2018
The digital industry is riding an important—and turbulent—wave of change right now. As Facebook and others grapple with tough questions about data privacy and security practices, trust in social platforms appears to be plummeting. Companies and analysts are scrambling to figure out how to make privacy rules clear, protect user data, and evolve the business models that made them successful in the first place.

Why GDPR Compliance Will Help Strengthen Your Hotels Relationship Marketing

Are Morch - Hotel Blogger & Social Media Manager ·26 April 2018
On May 25th, the European Union’s General Data Protection Regulation – GDPR goes into effect. GDPR specifies that customers must explicitly consent for their personal information to be processed and used by the third party site. This clearly marks a shift towards building a quality relationship with your hotel’s guests.

A Hotelier's guide to GDPR compliance

Hotelogix Blog·25 April 2018
The General Data Protection Regulation has caused quite a stir in the hospitality industry of late. With the deadline for implementation, 25th of May 2018, drawing closer, we thought it would be a good idea to run you through the specifics. Understanding why: we live in a data-driven age, where we have access to ample information on various subjects, from the closing stock price of a particular company to scores of the latest game and other tabloid gossip. However, all this information may include individuals' names, addresses, bank details and passport information.

Participate in HFTP's Entrepreneur 20X at HITEC Houston

HFTP ·25 April 2018
Hospitality Financial and Technology Professionals (HFTP), producers of Hospitality Industry Technology Exposition and Conference (HITEC), is currently accepting applications for participants, judges and mentors for Entrepreneur 20X (E20X) at HITEC Houston. Those interested can apply via the HITEC website - startups can apply here, and volunteers can apply here. E20X Houston will take place on Monday, June 18 from 1:00 to 4:00 p.m. at the George R. Brown Convention Center in Houston, Texas. E20X participants will be selected from the field of applicants and pitch their business concepts to a panel of expert judges and HITEC attendees and exhibitors. Participants will have access to a team of mentors before the competition, who will inspire and educate the startups by lending them insights, expertise and guidance. The E20X judge's panel will determine the grand prize, "E20X Judge's Choice Award," winner while the audience will determine the crowd favorite, "E20X People's Choice Award," winner. Selected startups will also receive a kiosk in the HITEC Houston exhibit hall. E20X mentor opportunities are available to industry professionals who would like to volunteer and share their knowledge with participants the day of the competition. Day-of mentors will meet face-to-face with participants in a series of pre-booked meetups hours before the E20X competition takes place sharing their experience, answering questions and making invaluable connections. "Being an entrepreneur, running your own business, can be challenging in the sense that you are solely making decisions without the guidance of feedback," said HFTP CEO Frank Wolfe. 
"HFTP's Entrepreneur 20X event gives startups the opportunity to showcase their products, services and ideas in front of a global network of industry peers including investors, c-level experts and a judges panel that is guaranteed to serve as a steppingstone on your path to success." HFTP remaining events for 2018 include HITEC Houston - HFTP's largest event of the year - from June 18-21 at the George R. Brown Convention Center in Houston, Texas USA. HFTP Annual Convention will take place October 24-26 at the Omni Louisville Hotel in Louisville, Kentucky USA. HITEC Dubai will take place December 5-6 at the Madinat Jumeirah in Dubai, UAE. For more information about HFTP's international events, visit www.hftp.org and www.hitec.org or contact the HFTP Meetings & Special Events Department at education@hftp.org. About HITEC: Hospitality Industry Technology Exposition & Conference (HITEC) is the world's largest and oldest hospitality technology exposition and conference brand. HITEC offers a unique combination of top-notch education, and brings together the brightest minds and hottest technologies from across the globe to one place. The unparalleled event offers attendees essential education, access to top hospitality technology industry experts and the resources to find cost-effective ways to improve company bottom lines. Combined with the intimate opportunities to connect with fellow professionals, HITEC has everything to enhance your career. Historically hosted annually in a different city throughout the United States, HFTP decided to break tradition in 2017 by hosting three HITEC events all taking place outside of U.S. borders - in Toronto, Amsterdam and Dubai. This was the first time the global association's largest HITEC event - featuring thousands of hospitality professionals from around the world - took place outside of the United States. For more information about HITEC, visit www.hitec.org. 
Follow HITEC on social media: Facebook (@HITECconference); LinkedIn; Twitter (@HFTP); Instagram (@HFTP_HITEC). Find updates on the HFTP News page, and exhibitor news on the HITEC Bytes site. HITEC event photos are available on Flickr, and HFTP event videos are available on YouTube. About HFTP: Hospitality Financial and Technology Professionals (HFTP), established in 1952, is a hospitality nonprofit association headquartered in Austin, Texas USA with offices in Hong Kong, United Kingdom, The Netherlands and Dubai. HFTP is recognized as the spokes group for the finance and technology segments of the hospitality industry with an international network of members and stakeholders. HFTP uniquely understands the industry's pressing issues, and assists its stakeholders in finding solutions to their challenges more efficiently than any organization. HFTP offers expert networks, educational resources, career development programs, research, leadership opportunities and conferences and events. HFTP produces international events throughout the year, including the world's largest hospitality technology tradeshow and conference brand: HITEC. The association also owns the world's only hospitality-specific search engine: PineappleSearch.com. For more information about HFTP, visit www.hftp.org. For the latest news, visit the HFTP News page at news.hftp.org and the HFTP Connect blog at blog.hftp.org. Follow HFTP on social media: Facebook (@HFTPGlobal); LinkedIn; Twitter (@HFTP); Instagram (@HFTP_HITEC). Stay tuned to HFTP's industry-specific, informational news sites: HFTP News, HITEC Bytes, HFTP Club Bytes, HFTP Finance Bytes, HFTP GDPR Bytes and HFTP FB Bytes. HFTP event photos are available on Flickr, and HFTP event videos are available on YouTube.

What Is GDPR, and How Can It Impact Your Business? [Infographic]

MarketingProfs·Requires Registration ·24 April 2018
The General Data Protection Regulation (GDPR) is set to go into effect on May 25. It will change the way businesses worldwide process and store client and employee information, and there are serious consequences for failure to comply.

HFTP Announces 2018 CHTP of the Year Recipient

HFTP ·23 April 2018
Hospitality Financial and Technology Professionals (HFTP), will honor Sean Van Dyke, CHTP as the 2018 Certified Hospitality Technology Professional (CHTP) of the Year at HITEC Houston this June. The CHTP of the Year award honors the individual that scored the highest on the CHTP certification exam within a given year. HITEC Houston, HFTP's second and largest HITEC of 2018, will take place from June 18-21 at the George R. Brown Convention Center in Houston, Texas USA. Van Dyke works as a director of IT at St. Julien Hotel & Spa, a luxury four star/diamond spot located in Boulder, Colorado USA. Van Dyke mentions computers are both his day job and also his hobby. He enjoys building virtual environments, dabbling with containers and staying up on the latest VR news. "Getting the CHTP certification made a lot of sense for me," said Van Dyke. "It offers recognition of my specialized knowledge in both my field of study and the particular industry in which I make my career applying those skills. It is a unique designation which stands out to my industry colleagues." Developed jointly by HFTP and the Educational Institute (EI) of the American Hotel and Lodging Association (AH&LA), the CHTP designation is the ultimate achievement in hospitality information technology by showing a dedication to both the hospitality and technology industries. The CHTP exam was first given in 1994 at HITEC in Dallas, Texas USA. Since then, more than 400 professionals have earned the CHTP designation around the world. HFTP also administers the examination and awards the Certified Hospitality Accountant Executive (CHAE) industry designation. HFTP's certification programs are globally recognized for setting industry standards for hospitality finance and technology. Qualification for the exams is based on level of education and experience in the industry; student programs are also available. Active certificants have reported higher salaries and various career advancement opportunities. 
Becoming certified indicates an individual's commitment to professionalism, continuing education and their chosen career path. For more information on HFTP's certification programs, contact HFTP Certification Manager Robin Bogdon at certification@hftp.org or visit www.hftp.org. HFTP remaining events for 2018 include HITEC Houston - HFTP's largest event of the year - from June 18-21 at the George R. Brown Convention Center in Houston, Texas USA. HFTP Annual Convention will take place October 24-26 at the Omni Louisville Hotel in Louisville, Kentucky USA. HITEC Dubai will take place December 5-6 at the Madinat Jumeirah in Dubai, UAE. For more information about HFTP's international events, visit www.hftp.org and www.hitec.org or contact the HFTP Meetings & Special Events Department at education@hftp.org. Download the 2018 HFTP event mobile app from the Apple Store or Google Play - information coming available as each event nears. About HFTP: Hospitality Financial and Technology Professionals (HFTP), established in 1952, is a hospitality nonprofit association headquartered in Austin, Texas USA with offices in Hong Kong, United Kingdom, The Netherlands and Dubai. HFTP is recognized as the spokes group for the finance and technology segments of the hospitality industry with an international network of members and stakeholders. HFTP uniquely understands the industry's pressing issues, and assists its stakeholders in finding solutions to their challenges more efficiently than any organization. HFTP offers expert networks, educational resources, career development programs, research, leadership opportunities and conferences and events. HFTP produces international events throughout the year, including the world's largest hospitality technology tradeshow and conference brand: HITEC. The association also owns the world's only hospitality-specific search engine: PineappleSearch.com. 

Top Concerns Hotels Need to Know About the GDPR and How to Prepare Your Action Plan

HEBS Digital ·23 April 2018
What is the GDPR?
The GDPR is a regulation in EU law on data protection and privacy for all individuals within the European Union and regulates how companies manage, use, and share personal data. The GDPR will take effect on May 25, 2018. The GDPR applies to natural persons, whatever their nationality or place of residence, whose personal data is processed and whose behavior is monitored while within the EU. This change in legislation means that nearly every online service is affected, and the regulation has already resulted in significant changes for US users as companies begin to adapt. The foundation of the GDPR builds on rules set by earlier EU privacy measures like the Privacy Shield and Data Protection Directive, and expands on these privacy measures in two critical ways. The definition of and requirements around personal data have been expanded. First, the GDPR defines personal data as any information that can be used to identify directly or indirectly a data subject, such as an online identifier like an IP address. The GDPR sets a higher standard for collecting personal data than ever before. By default, any time a company obtains personal data on an EU resident, it will need a legal basis for collecting that data, such as explicit and informed consent from that person. Even more importantly, users also need a way to revoke that consent, and they can request all the data a company has collected on them as a way to verify that consent. These strong regulations explicitly extend to companies based outside the EU. The penalties are more severe. The GDPR's penalties are severe and have two tiers of fines. The maximum fines per violation are set at up to four percent of a company's annual global revenue or 20 million Euros, whichever is larger. The lower level fines are up to two percent of a company's annual global revenue or 10 million Euros, whichever is larger. 
These penalties far exceed fines allowed by the Data Protection Directive, which signals how seriously the EU is taking data privacy.
Get to know the facts. Avoid misconceptions regarding the GDPR: The GDPR affects hotels across the globe: The GDPR applies to all properties that target EU residents as customers no matter where they are located. This means that the GDPR affects all hotels in the US and locations around the world, not just Europe. Hotels are liable for the GDPR: Regardless of your partners or solutions provider, the hotel (who according to the GDPR would be considered the data controller) is ultimately responsible for using tools that are in compliance with the GDPR. One price point for all of the EU: Commonly overlooked regarding the GDPR, it's important to note that hotels cannot use profiling to set prices based on an EU visitor's location.
How does the GDPR apply to your hotel's online data policy?
The GDPR affects your hotel's data policy regarding EU website visitors in six main ways: Getting consent: Visitors to your website must understand exactly how you are planning on using their data, and the legal basis for why you are collecting the data. Unambiguous and affirmative consent is a key part of GDPR legislation and it is important for any hotel website that collects personal data to obtain specific permission to use it in the course of their business. If you are requesting consent from the customer, the user must agree to each specific purpose. That means if you have someone's email address who booked with your hotel, you are only allowed to market to them if they have explicitly agreed to this. Similarly, privacy notices may require rewriting to be in line with the GDPR rules. Privacy Policies and Terms of Service must be simple to understand and free of jargon (a good rule of thumb here is that a 16-year-old should be able to understand the Terms of Service). 
Accessing data: A main component of the GDPR is being fully aware of who has access to personal data that is logged and stored on your hotel website's content management system or database. The first step is to understand exactly who has access to this data and compile a list. Next, examine the list and ask whether all of these people require access to this data. If the answer is no, permission should be revoked and measures must be implemented to control future access. There must also be a robust process in place for deleting data that is no longer relevant or required, as companies are not allowed to hold on to this for any longer than is absolutely necessary. Data accountability: Regardless of your solutions provider, hotels are ultimately responsible for using tools in compliance with the GDPR. In light of this, hotels should audit any external agencies they use that might have access to their data to ensure that their procedures are compliant. As the data owner (controller) you are ultimately responsible for this, even if you have outsourced elements of the process, so keep a record of measures you have taken to ensure all partners are acting in line with the GDPR regulations. All of your partners should be able to clearly explain what measures they have taken to maintain maximum security of the data you provide. Data accuracy: All personal data must be accurate and kept up-to-date. Every reasonable step must be taken to ensure that personal data is correct in regard to the purposes for which data is processed, and that personal data is erased or rectified without delay if inaccurate. Data minimization: Websites should collect only the minimum amount of customer data to do the job, as well as adhere to the "storage limitation principle" which mandates that personal data must be stored for no longer than is required and that individuals must be informed about the planned use of personal data. 
Data portability and the "Right to be Forgotten": All website users have the right to receive their personal data that was previously collected in a readable format, as well as own the "Right to be Forgotten" which grants consumers the ability to easily have all of their data deleted from the hotel database.
How can your hotel prepare for the GDPR?
The GDPR affects your hotel website, data strategy, digital marketing, and online merchandising. Below are the top ways you can prepare for GDPR:
Preparing Your Hotel Website
It's important to ensure that all web forms and website cookie usage are in line with the GDPR. Your website's Privacy Policy and Terms and Conditions should also reflect the GDPR to ensure that everything is in compliance.
Update your Privacy Policy and Terms and Conditions. First and foremost, your hotel website's Privacy Policy and Terms and Conditions should be updated to reference GDPR rules and regulations. In particular, you will need to be transparent about what you will do with personal information once you've collected it, and how long you will retain this information on your website and in any other databases.
Ensure your website is secure. Your hotel website should have an SSL (Secure Sockets Layer) Certificate to ensure that all data processing through the website is secure. If your website has an SSL Certificate, the domain will begin with "https," rather than "http." SSL Certificates secure all of your data as it is passed from your browser to the website's server.
Ensure cookie consent. Website visitors from the EU must provide consent for your hotel website to enable cookies that are used to identify an individual. Like all other consent under the GDPR, consenting to cookies needs to be a clear affirmative action. Hotel websites should present clear terms of service regarding cookie usage with an opt-in box. Do not include pre-ticked boxes on the consent form, as this is against the GDPR regulations.
It is important to note that the hotel website should not require users to accept cookies in exchange for information, and the hotel must also have a legal basis under the GDPR to use an EU visitor's IP address to personalize content or identify a user's device.
Ensure the ability for people to opt out or erase their personal data. The GDPR clearly states that a data subject should be able to withdraw consent as easily as they gave it under the "Right to be Forgotten" clause. Controllers must inform data subjects of the right to withdraw before consent is given.
Update email opt-in to default to "No" and include specific check boxes for every opt-in. Forms that invite users to subscribe to newsletters or indicate contact preferences must default to "no" or be an un-checked opt-in box. You should also ensure that users provide consent for all ways your hotel will be utilizing their data. For instance, if a user is opting in for email newsletters, this does not mean they are opting in for that email to be used for look-a-like audience marketing. Ultimately, hotels must set up a specific checkbox or form of consent for each separate use of guests' data. And finally, to ensure that you are in complete GDPR compliance, it's important to implement a double opt-in process.
All web forms must clearly identify named parties. Your web forms must clearly identify each party for which the consent is being granted. It is important to note that it isn't enough to list specifically defined categories of third-party organizations; they must be named in full. For example, your consent form cannot simply say third-party ad networks; it needs to specifically name the ad networks where ads will appear.
Preparing Your Data Strategy
Once you've collected user data from EU residents or anyone living within the EU, it's important to follow key protocols regarding the use and removal of this data.
It is also extremely important that everyone covered by the GDPR has an easy way to access and download any of their personal data collected. Here are some key considerations regarding your data strategy:
Provide EU visitors with easy access to download personal data. Your hotel website should provide a request form where EU website visitors can request personal data.
Do not keep data for longer than required. While the GDPR does not state a specified timeframe that limits data storage, it's a good idea to scrub customer data once or twice a year to ensure that all data is accurate and up-to-date. Any inaccurate or incomplete information should be deleted and the hotel is responsible for clearly stating how long the information will be stored within the privacy policy.
Allow easy consent opt-out to address the "Right to be Forgotten" and grant EU website visitors the ability to delete their personal data. Your data strategy must allow for website visitors who previously consented to any use of their personal data to easily opt out or "erase" their data, as well as update their opt-in preferences. This user experience should be just as seamless as opting in and be easy to navigate on the hotel website.
Preparing Your Marketing Strategy
The GDPR impacts your email marketing strategy, display remarketing strategy, and any display that utilizes owned customer data for targeting.
Make it clear which third-party vendors will be utilizing EU customers' personal data. When prompting users to opt in to cookie consent or to access their customer profile data for marketing purposes, be sure to clearly list the name of the ad networks and third parties that will be utilizing these cookies and accessing this data for retargeting and building look-a-like audiences.
Ensure that all third parties and ad networks are in compliance with GDPR.
Have your marketing agency or internal marketing department reach out to any third-party vendors or ad networks to ensure that they are GDPR compliant and have taken appropriate measures.
Only use data for the purpose for which the EU user opted in. When an EU user grants permission to use cookies or opts in to an email marketing list, only use the data for the marketing for which the user opted in. This means if the user only opted in for remarketing, you cannot use the data to build look-a-like audience targeting. Or, if an EU user opted in to a monthly email newsletter, the user's email address should not be used for other marketing purposes.
Overall, it's not only important to familiarize yourself and your hotel staff with the GDPR, it's important to ensure that all of your bases are covered. To be ready for what's next on the official launch of the GDPR on May 25, 2018, check out additional resources on The UK Information Commissioner's Office and review your policies with a data privacy consultant and your legal team.

The Top 5 Things You Need to Know Now in Hotel Digital Marketing: April Edition

Max Starkov | The HeBS blog·20 April 2018
This month, the latest digital innovations include new publishing features on Google My Business listings, the new Google Outstream Video Ad format, and new Instagram profile bio features. The industry is also abuzz with the fast-approaching launch of the GDPR. From SEO to design, read on to learn the top five things you need to know now in hotel digital marketing, and stay informed.
