A brief synopsis on how the new EU privacy laws will affect your inn's data and information.
There’s been a lot of buzz surrounding the European Union’s newest privacy law and for good reason. This complex law affects almost all aspects of data collection for the 500 million people who call the EU home – and that includes their activities when traveling abroad.
General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR), which goes into effect on May 25, is a far-reaching consumer protection law allowing people to control how their personal data is collected – and/or shared.
In the hospitality industry it means even European guests who willingly share their contact information to book a room in the United States can’t automatically be targeted for re-marketing purposes. So gone would be an automatic follow up email seeking reviews, the opportunity to join a loyalty program or notifications of other inn-related events. Instead of implied consent, which is the standard of the US, hotels must obtain written consent from European guests.
But do American innkeepers who host European guests really need to change their practices?
Does GDPR apply to me? It depends on whom you ask.
Some suggest that small properties would be wise to embrace the spirit of the new law before sending out follow up emails or loyalty newsletters since penalties are hefty and also because old-fashioned goodwill should be embraced. Click here to read the privacy laws in various jurisdictions.
Wired Magazine says “companies must be clear and concise about their collection and use of personal data.” For smaller innkeepers and bed and breakfast owners already juggling many tasks this seems yet another item to address, but the best and easiest way for innkeepers to comply with the GDRP is upon check in. When imprinting a European’s credit card include a sheet seeking consent, and a signature, to contact them in the future about their stay and promotional savings, and anything you plan to communicate with them about in the future via email.
But this is only one small part of GPDR compliance.
You will also need to be aware how GDPR affects your company data. On May 25, 2018 Google will limit analytic history to 26 months (or less) unless you actively change settings.
Acorn wrote a blog post on April 12th, 2018 about this critical issue and the need for action by innkeepers.
Advantage Level 3 members can rest easy – we’ve already adjusted your settings to preserve your data, and will be revisiting these settings for additional adjustments in light of the GDPR requirements. We will also adjust the settings for Advantage Plan Level 1 and 2 clients as part of your plan but you must request this action on or before May 23rd, 2018.
You may do so by logging into dashboard.acorn-is.com Hint: use the same access email and password as you do to log into Billing Orchard
Step 1: Click on "Blog"
Step 2: Click on the GDPR Requirements post and complete the request form.
Pay As You Go Clients must submit a support ticket by clicking here and will be charged accordingly.
And yet there is even more you need to be aware of.
So much more we can't even begin to share it in this blog post. If you are an Acorn IS PAYG (Pay as you go) client, and missed the May 10th, 2018 GDPR Webinar, you may contact Annie@acorn-is.com to receive the link and password to the webinar and to request a PDF of the PowerPoint Slides. If you are an Advantage Plan Client, you will find both the PDF and the Video in dashboard.acorn-is.com blog post: GDPR Requirements.
If you are not an Acorn IS client - you are welcome to attend the PAII and AIHP sponsored GDPR webinar they have requested we conduct for them on Wednesday May 16th, 2018. This webinar is open to the entire industry, and you do not need to be a PAII member to attend.
Do know privacy issues are not new. Last year Acorn wrote a blog that addresses sharing your email list, and of course all credit card payments must already be compliant with the Payment Card Industry Data Security Standard (PCI DSS).
The responsibility for GDPR and all related compliance issues resides with you, the business owner. Acorn is here to make you aware of the changes and support you as you see see fit. Acorn cannot make these critical and individualized decisions for you.
For more information about the Data Protection Commission visit this website.